EXCLUSIVE: Paraguay Says It Won’t Pay Ransomware Group For Stolen Citizenship Data


Paraguay says it will not pay off cybercriminals who obtained personal data potentially affecting every citizen. The group is threatening to make the data public if the government doesn’t pay $7.4 million by June 13.

“The government never negotiates with these types of actors,” Gustavo Villate, Minister of Technology and Information, told OCCRP.

A group calling itself Brigada Cyber PMC has posted a ransom message to Paraguayans on the so-called “darknet,” an online space where criminals flog drugs, weapons and other illicit items and services.

“We have record on EVERY citizen, every person residing in Paraguay,” the group said.

Brigada Cyber PMC added that it would “give a good chance to these burocrats [sic] to fix the problem” — by paying a ransom of about $1 per citizen by this Friday. The message included a timer counting down the days, hours, minutes and seconds to the deadline.

Paraguay’s government did not make the threat public. It was first reported in a blog post by Resecurity, a Los Angeles-based cybersecurity company that is investigating the incident and sharing its findings with Paraguay.

Resecurity told OCCRP in an email that the attack “could be interpreted as a landmark in known cybersecurity incidents today, by size and scale, as the entire country was extorted due to a massive data breach.”

Paraguay has been the target of several recent cyberattacks, including a hack this week of the X account belonging to the country’s president, Santiago Peña.

In May, cybercriminals breached several Paraguayan public institutions, including the ministries of health, justice and labor.

In November, a team of Paraguayan and American investigators said the country had been targeted by the “cyber espionage actor Flax Typhoon,” which had links to the Chinese government.

Resecurity noted that Paraguay is the only South American country to recognize the independence of Taiwan. China considers the island nation its territory and has carried out a global campaign to convince other governments to do the same.

The motives behind the latest attack by the group calling itself Brigada Cyber PMC remain a mystery.

“It is unclear whether a foreign state sponsors the actors and if cybercriminal motives purely drive their activity,” Resecurity said.

Resecurity obtained a sample of data from the cybercriminal groups and said it included “personally identifiable information” that appeared to have been “exfiltrated from, at least, three different government information systems.”

Paraguayan officials denied government systems had been hacked this time around. Instead, they told OCCRP the latest ransom attempt was probably based on data collected from previous attacks.

“It is very common for ransomware groups to take credit for activities they did not carry out,” said Pedro Martínez, the technology and information ministry’s director of cybersecurity.

“In this case, it is quite likely that they will take previous leaks, repackage them into a new — so to speak — data set, and try to sell them that way,” he said.

Villate, the minister, said the data was “not recent,” and urged the public not to panic.

“That is what we must avoid, generating panic, because that leads nowhere,” he said.


