
The Peruvian government denies the hack, but the Rhysida group has already put stolen government data up for sale for $488,000, threatening to publish the entire archive. This is one of the most high-profile attacks on government infrastructure in Latin America.
Rhysida, a group linked to Russian hackers, announced a successful attack on the Peruvian government’s digital infrastructure. On its darknet blog, the attackers showed samples of files that they said were stolen from Peruvian servers. They gave the authorities six days to pay a ransom of 5 BTC.
Although the Gob.pe website is inaccessible, the Peruvian government maintains that the site is undergoing maintenance and that there is no evidence of a cyberattack. However, experts from Venerix and Comparitech have already confirmed the veracity of Rhysida’s claim by at least 22%. The hackers traditionally work on a double-extortion scheme: they encrypt data and threaten to publish it if the ransom is not paid.
The group often uses phishing, masquerading as cybersecurity teams, and penetrates networks using the Cobalt Strike tool. Its software has already been studied by KISA (South Korea), which even created a free decryption tool for Rhysida.
Even if Peru officially denies the attack, the publication of the files, the site outage and Rhysida’s activity indicate a serious crisis. The unwillingness to recognize the threat only increases the risk, both for Peru and for other countries in the region. Digital security has become a critical element of national security, and ignoring it is playing with fire.