- Operators of the Rhysida ransomware add Peruvian government to their data leak site
- Hackers claim to have stolen sensitive files and are demanding five bitcoin
- The government says it hasn’t been targeted and that it operates normally
Infamous hacking group Rhysida has claimed it breached the digital platform of the Peruvian government, but the South American country denies any ransomware incidents.
The cybercriminals added the Peruvian government to their data leak site, including some documents allegedly stolen from the gob.pe portal, noting they also demanded a five bitcoin ransom, which equals roughly $471,000.
This prompted Peru’s Ministry of Government and Digital Transformation to publish a statement and deny any hostile takeover of its digital assets.
Tax admin was struck
“The Single Digital Platform of the Peruvian State, www.gob.pe, has not been compromised or breached. All its services remain operational and functioning normally,” the government said in a statement published on Facebook.
“The posts circulating on social media suggesting a supposed hijacking of the domain www.gob.pe are inaccurate,” it stressed, but added that an attack has, indeed, taken place recently.
“The incident in question is related to a service associated with the domain www.satp.gob.pe, which is not administered by the PCM (Presidency of the Council of Ministers) or the Secretariat of Government and Digital Transformation.”
This, according to The Record, is the tax administration website of regional capital Piura.
This government entity also released a statement, confirming a cyberattack in late March 2025. It disrupted its operations briefly, but they were restored within 48 hours. Allegedly, no files were stolen in this attack.
“As soon as we became aware of the possible security event, the National Center for Digital Security (CNSD) immediately activated preventive alerts to mitigate any potential risk,” the notice continues.
“Currently, investigation and analysis efforts are being carried out in coordination with relevant entities, both nationally and internationally. Additionally, direct collaboration is underway with the institution allegedly affected to clarify the facts and determine the extent of the incident.”
