Cyber Incident Victim: Uruguay

On July 24, 2024, the Intendencia de Paysandú, a departmental government administration in Uruguay, experienced a cyberattack that resulted in the complete loss of stored information and disrupted multiple critical services. Attackers encrypted the institution's data infrastructure, rendering systems inoperable and demanding a ransom payment of US$650,000 for decryption keys and data restoration. The intrusion was detected when municipal employees discovered inaccessible systems during routine operations on Wednesday morning, with subsequent analysis confirming unauthorized network access and data encryption. Immediate operational impacts included the suspension of online tax payment processing, property registration services, and municipal licensing systems, forcing citizens to conduct transactions in person at physical offices. The attackers established direct communication with the administration following the encryption, specifying the ransom amount and payment instructions for data recovery.

Departmental Intendant Nicolás Olivera publicly confirmed the cyberattack and stated the administration refused to negotiate with or pay the attackers. Technical teams collaborated with national cybersecurity experts to isolate compromised systems and prevent lateral movement within the network. Restoration efforts prioritized rebuilding infrastructure using unaffected backup systems where available, though full recovery timelines remained unspecified due to ongoing forensic analysis. Service disruptions persisted in revenue collection, property transactions, and digital citizen portals, creating administrative delays across the department. The incident remained under investigation by Uruguayan authorities to determine attack vectors and responsible threat actors, with no claims of data exfiltration disclosed beyond the encryption-based ransom demand.