Cyber Incident Victim: Personal Paraguay
Date:
Oct 2022
Location:
Paraguay
Summary
A Paraguayan telecommunications company experienced a malicious cyberattack disrupting some services, though it maintained core operations like mobile telephony, internet, and television with minimal interruptions. The firm proactively isolated its digital wallet platform to safeguard user funds and data integrity amid ongoing restoration efforts. Customers reported prolonged service issues over multiple days, contradicting claims of minimal impact, and some encountered problems with the wallet despite assurances. The attackers issued no ransom demand, and while Lockbit 3.0 claimed regional victims during this period, its involvement remains unverified. The company provided limited public updates and did not respond to external inquiries regarding the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Personal Paraguay, a Paraguayan telecommunications provider, experienced a cyber incident around October 25-28, 2022, disrupting cellular, internet, and television services. The company first acknowledged service disruptions publicly on October 28 via a Facebook post, citing unspecified "inconveniences." Customers responded angrily, noting services had already been unavailable for three days and demanding restoration timelines. On October 29, Personal Paraguay confirmed a "malicious attack by unscrupulous people" targeting its computer systems, attributing continued operation of core services (mobile telephony, internet, and Flow TV) to existing prevention procedures while acknowledging minimal disruptions. Internal teams worked intensively to restore affected systems, though the company did not specify the attack vector or compromised infrastructure. By November 2, services remained partially disrupted, with the company isolating its personal wallet platform—a digital payment system—to prevent potential compromise of user funds or data integrity.
Despite assurances that wallets were protected, users reported functionality issues with the personal wallet service. Personal Paraguay maintained no ransom demand occurred, though the absence of communication from attackers was noted as unusual. DataBreaches attempted contact via email and Facebook on October 31 and November 2 but received no response. Concurrently, Lockbit 3.0 ransomware group listed multiple Latin American organizations as victims during this period, including Cooperativa Antonio Vega Granados R.L. (Costa Rica), Macrotel (Argentina), and Happmobi (Brazil), though none provided proof-of-hack evidence. While Fisco Saéde (Brazil) and Villa Toro de Hisba experienced cyberattacks overlapping with Personal Paraguay’s incident timeline, neither attributed responsibility to Lockbit. The telecom’s restoration efforts remained ongoing as of November 4, with unresolved customer complaints regarding service reliability and wallet access.