- Operators of the Rhysida ransomware add Peruvian government to their data leak site
- Hackers claim to have stolen sensitive files and are demanding five bitcoin
- The government says it hasn't been targeted and that it operates normally
Infamous hacking group Rhysida has claimed it breached the digital platform of the Peruvian government, but the South American country denies any ransomware incidents.
The cybercriminals added the Peruvian government to their data leak site, posted some documents allegedly stolen from the gob.pe portal, and demanded a ransom of five bitcoin, roughly $471,000.
This prompted Peru’s Ministry of Government and Digital Transformation to publish a statement and deny any hostile takeover of its digital assets.
Tax admin was struck
“The Single Digital Platform of the Peruvian State, www.gob.pe, has not been compromised or breached. All its services remain operational and functioning normally,” the government said in a statement published on Facebook.
“The posts circulating on social media suggesting a supposed hijacking of the domain www.gob.pe are inaccurate,” it stressed, but added that an attack has, indeed, taken place recently.
“The incident in question is related to a service associated with the domain www.satp.gob.pe, which is not administered by the PCM (Presidency of the Council of Ministers) or the Secretariat of Government and Digital Transformation.”
This, according to The Record, is the tax administration website of regional capital Piura.
This government entity also released a statement, confirming a cyberattack in late March 2025. The attack briefly disrupted its operations, which were restored within 48 hours. Allegedly, no files were stolen in this attack.
“As soon as we became aware of the possible security event, the National Center for Digital Security (CNSD) immediately activated preventive alerts to mitigate any potential risk,” the notice continues.
“Currently, investigation and analysis efforts are being carried out in coordination with relevant entities, both nationally and internationally. Additionally, direct collaboration is underway with the institution allegedly affected to clarify the facts and determine the extent of the incident.”