The Gob.pe page, related to the Government of Peru, He would have suffered an alleged cyber attack by hackers, which caused the website to fall temporarily. Despite the interruption, the portal was restored after a few minutes of inactivity.
The attack would be at the hands of Rhysida Ransomwarea type of malware that is part of a group of cybercriminals who use the tactics of “ransomware” to extort their victims. According to the report published by DarkWeb Informercybercounts would have requested a rescue of 5 bitcoins, which is equivalent to approximately 1,779,568.25 soles.
The attackers would have given a period of seven days to make the payment, otherwise, they could reveal sensitive information or make new ‘hackeos’.
After the dissemination of this fact by the platform specialized in cybersecurity, some users claimed that they experienced difficulties in accessing Official Government Website Peruvian (www.gob.pe).
Some users on social networks, especially in X, commented that the access problems were caused by not including the “www” prefix in the direction, which generated confusion.
In dialogue with Infobae PeruCésar Vílchez, Secretary of Government and Digital Transformation of the Presidency of the Council of Ministers (PCM), ruled out that the platform www.gob.pe has suffered a recent attack or fall. He indicated that, according to the reports received, the site has worked normally throughout the day and no suspicious falls have been recorded in recent weeks.
“The data of www.gob.pe are safe, there are copies of daily support and in high availability,” he said.
Vilchez said that the official direction of the Government is www.gob.pe, and not Gob.pe, domain that belongs to the Peruvian scientific network, currently Nic.pe. He added that the platform has daily backup copies and systems in high availability, which guarantees the integrity and safety of the information housed.
According to catches disseminated in social networks, the Rhysida cybercriminal group He would have accessed official documents belonging to different spheres of the Peruvian state. Among the compromised archives would include internal communications of ministries, regional governments and other public entities.
Despite the dissemination of these images, the presidency of the Council of Ministers has not confirmed the attack or gave details about the alleged filtration. Instead, he issued a statement in which he announced that the PCM digital parts table will remain out of service on Sunday, April 4, from midnight to 8:00 pm
“This maintenance is necessary to continue improving the quality and availability of the service we provide to citizens through our digital platform,” the institution said.
Rub It is a group of cybercriminals that operates under the model of “Ransomware as a service”(RAAS), offering encryption tools to other attackers in exchange for a part of the rescue. Since its appearance in May 2023, it has attacked various organizations in sectors such as health, education, technology and technology Governments of Latin America, Europe and the United States.
Its modus operandi includes infiltration through Electronic emails phishingthe use of tools such as Cobalt Strike and Psexec to move laterally on the networks, and the exfiltration of sensitive data before encrypting them.
After the attack, they demand a rescue and threaten to publish the stolen information on their place in the Dark Web if not paid.
Among his best -known victims are the Chilean Army, the PAMI in Argentina and the British Library, where they stole 600 GB of information and disseminated it after not obtaining the payment.
And ransomware It is a type of malware (malicious software) that Block access to the archives or systems of a victim and demands a rescue To free them. It works by valuing user information, which prevents it from accessing it without a deciphered key that only attackers possess.
Generally, ransomware spreads through phishing emails, infected attachments or malicious links. Once it infects a equipment, it shows a message with instructions to pay the rescue, usually in cryptocurrency as Bitcoin.
If it is not paid within the period imposed by the attackers, they threaten to erase the data or make them public. Some variants also steal the information before encrypting it.
Related news :