ASUNCIÓN, Paraguay – The Paraguayan government has declared it will not pay a ransom to a cybercrime organization that claims to have stolen the personal data of the entire nation. The group, calling itself "Brigada Cyber PMC," threatened to release the stolen data by June 13 if $7.4 million (approximately 10 billion Korean Won) was not paid.

Gustavo Villate, Paraguay's Minister of Information and Communication Technologies, firmly told the Organized Crime and Corruption Reporting Project (OCCRP), "The government never negotiates with these kinds of actors."

 
Hacker Group Escalates Threats, Claims to Possess "Information on All Citizens"

Brigada Cyber PMC posted extortion messages targeting Paraguayan citizens on the dark web, an online space where illicit goods and services like drugs and weapons are traded.

In their message, they claimed, "We have records of every citizen, every person living in Paraguay," and urged payment, stating, "We will give these officials a good opportunity to resolve the issue." The demanded ransom amounted to approximately $1 per citizen, and the message even included a countdown timer indicating the deadline.

 
Government Accused of Concealing Breach; Cybersecurity Firm First to Disclose

The Paraguayan government did not publicly disclose this threat. It was first revealed through a blog post by Resecurity, a Los Angeles-based cybersecurity company. Resecurity is investigating the incident and sharing its findings with the Paraguayan government.

In an email to OCCRP, Resecurity assessed the attack as "a landmark in terms of scale and scope among today's known cybersecurity incidents, in that an entire nation's population has been extorted by a massive data breach."

 
Paraguay Plagued by Successive Cyberattacks

Paraguay has recently been the target of several cyberattacks. This week, President Santiago Peña's X (formerly Twitter) account was hacked. In May, several public institutions, including the Ministry of Health, Ministry of Justice, and Ministry of Labor, were subjected to cyberattacks.

Last November, a team of Paraguayan and US investigators announced that Paraguay had been targeted by "cyber espionage actor 'Flax Typhoon'" linked to the Chinese government.

Resecurity noted that Paraguay is the only South American country that recognizes Taiwan's independence. China considers Taiwan its own territory and is engaged in a global campaign to persuade other governments to recognize Taiwan as part of its territory.

 
Attack Motive Unclear; Possibility of Reusing Previously Leaked Data Raised

The motive behind Brigada Cyber PMC's recent attack remains unclear. Resecurity stated, "It is not clear if a foreign state is sponsoring these actors, and if purely cybercriminal motives are driving their activity."

Resecurity obtained data samples from the cybercrime group, which included "personally identifiable information" that "appears to have been exfiltrated from at least three different government information systems."

However, Paraguayan government officials denied that government systems were hacked this time. Instead, they told OCCRP that this ransomware attempt was likely based on data collected from previous attacks.

Pedro Martínez, Director of Cybersecurity at the Ministry of Information and Communication Technologies, said, "It's very common for ransomware groups to take credit for activities they haven't carried out," adding, "In this case, it's highly likely they took previously leaked data and repackaged it as a new dataset to try and sell it."

Minister Villate stated that the data was "not up-to-date" and urged the public not to panic. He emphasized, "What we have to avoid is generating panic. That does not help at all."

 
Paraguay's Efforts to Strengthen Cyber Security

In light of this incident, the Paraguayan government is expected to accelerate its efforts to strengthen cybersecurity. The government plans to establish a national cybersecurity strategy and increase investment in protecting public institutions' information systems. Furthermore, it is anticipated that they will enhance defense capabilities against the latest threats through cooperation with international cybersecurity experts and promote education and campaigns to raise public awareness of personal information protection.

 
Experts Warn: Ransomware Attacks Emerging as a National Security Threat

Cybersecurity experts warn that ransomware attacks targeting the personal information of an entire nation, like the incident in Paraguay, are not merely financial threats but can pose a serious threat to national security. Large-scale personal information leaks can exacerbate public anxiety and cause widespread social disruption. Moreover, there is a risk that leaked information could be misused for other crimes, leading to severe secondary damage. Therefore, there is a growing call for governments worldwide to prioritize cybersecurity and establish proactive prevention and response systems.

[Copyright (c) Global Economic Times. All Rights Reserved.]