Peru denies it was hit by ransomware attack following Rhysida claims

Peru’s government is denying claims that its federal digital platform was taken over by a ransomware gang that has previously attacked governments around the world. 

The Ministry of Government and Digital Transformation published a statement on Thursday addressing a posting on the Rhysida ransomware gang’s leak site about a takeover of the government’s domain. 

The group demanded a 5 bitcoin ransom — worth about $472,000 —  and shared documents allegedly stolen from Peru’s government portal gob.pe. 

The Presidency of the Council of Ministers said the website was not compromised and that its services continued operating throughout the week but admitted the hackers did gain access to the tax administration website of regional capital Piura. 

“As soon as we learned about the possible security event, the National Digital Security Department (CNSD) immediately activated preventive alerts in order to mitigate any potential risks,” they wrote. 

Federal authorities said they are investigating the incident and working with officials in Piura on the issue. 

On Friday, the Tax Administration Service in Piura released its own statement confirming that it dealt with a cyberattack early on March 29. The incident impacted the organization’s operations but service was restored in 48 hours, according to Piura officials. 

The IT team reported the incident to Piura’s provincial prosecutor’s office and denied that any data was stolen during the attack. 

In its statement, federal officials warned state-level entities that all cyber incidents need to be reported to the National Centre for Digital Security.

They urged Peruvians to only rely on information from official sources within the government and to avoid “messages that may generate confusion or unjustified alarm.”

The country’s residents have been on high alert to cyber threats since October, when one of the country’s largest banks apologized for a data breach that may have exposed information from up to 3 million customers.

Rhysida ransomware actors have made a name for themselves with several attacks on the governments of Kuwait and the Dominican Republic, as well as breaches of local governments within the U.S. and Portugal. 

In the U.S., the group drew outrage after incidents involving the cities of Columbus and Seattle, both of which caused significant disruptions and dangerous information leaks. 

Rhysida is known as one of the more ruthless ransomware gangs, attacking children’s hospitals, prominent healthcare networks, Christian charities and libraries.