Pierluigi Paganini May 03, 2025

The Rhysida Ransomware gang claims the hack of the Government of Peru, the gang breached Gob.pe, the Single Digital Platform of the Peruvian State.

The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform.

The group published the images of multiple documents allegedly stolen from the Peruvian government platform.

The ransomware group demands a ransom of five bitcoins from the victim and gives seven days for the payment.

The Rhysida ransomware group has been active since May 2023. According to the gang’s Tor leak site, at least 182 companies are victims of the operation.

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.”

In December 2023, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks. The advisory is part of the ongoing #StopRansomware effort, disseminating information about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Government of Peru)