INC Ransom Claims Panama’s Finance Ministry Data Breach, Leaks Sample

• Breach claim: An alleged Ministry of Economy and Finance of Panama data breach exposed 1.5 terabytes of sensitive information.
• Threat actor: The ministry was allegedly breached by the INC Ransom group, who made the announcement on the gang’s leak website.
• What was stolen: Internal emails, confidential government records, and detailed financial budgets may have leaked.

The INC Ransom ransomware group has claimed responsibility for a significant cyberattack against the Ministry of Economy and Finance of Panama. The threat actor alleges it has successfully breached the ministry's network and exfiltrated over 1.5 terabytes of sensitive information.

Details of the Alleged Data Exfiltration

According to the group's announcement, the Panama Ministry of Economy and Finance breach resulted in data theft. The compromised information purportedly includes internal emails, confidential government records, and detailed financial budgets. 

To substantiate their claims, INC Ransom has published a sample of the stolen data on their leak site, a common tactic used by ransomware operators to apply pressure on their victims.

The group has explicitly threatened to release the full dataset to the public if the ministry does not engage in negotiations. This tactic is a hallmark of modern double-extortion schemes, where threat actors not only encrypt data but also steal it to coerce payment.

Cybersecurity Implications for Government Institutions

A successful ransomware data exfiltration of this magnitude can have severe consequences, including the public exposure of state secrets, disruption of governmental functions, and a significant erosion of public trust. 

The attack on a nation's central economic ministry highlights the strategic targeting of critical infrastructure by sophisticated ransomware groups. 

This possible incident underscores the escalating cybersecurity threats to government institutions worldwide. In August, a Business Council of New York State data breach exposed 47,000 individuals' sensitive information, while Salt Typhoon maintained access to the Army National Guard systems for almost one year.

INC Ransom recently claimed Saudi Arabia’s Tatweer Buildings Company and Hospital Santa Rita in Brazil, even leaking videos of sleeping patients allegedly from Persante Health Care.

Related

Geedge Networks Linked to China's Great Firewall Export

LockerGoga, Nefilim Ransomware Administrator Charged for Targeting 250 Companies Globally

Novel The Gentlemen Ransomware Group Targets Critical Industries in Over 15 Countries

Intrusion Analysis Reveals Overlap in RansomHub, DragonForce, and Play Ransomware Operations

18 Popular Packages Compromised in One of the Largest NPM Supply Chain Attacks

US Treasury Cracks Down on Southeast Asian Cyber Scams Exploiting Forced Labor

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.

Subscribe for Free

Please enter a valid email address.

Most Popular

Nepal Sees 8,000% Surge in VPN Sign-Ups After Social Media Ban

Geedge Networks Linked to China's Great Firewall Export

LockerGoga, Nefilim Ransomware Administrator Charged for Targeting 250 Companies Globally

Novel The Gentlemen Ransomware Group Targets Critical Industries in Over 15 Countries

Mullvad VPN Launches QUIC Obfuscation for WireGuard to Help Users Beat Internet Blocks

NordVPN Expands Access Through Noju Carrier Billing Partnership

Nepal Sees 8,000% Surge in VPN Sign-Ups After Social Media Ban

Geedge Networks Linked to China's Great Firewall Export

LockerGoga, Nefilim Ransomware Administrator Charged for Targeting 250 Companies Globally

Novel The Gentlemen Ransomware Group Targets Critical Industries in Over 15 Countries

Mullvad VPN Launches QUIC Obfuscation for WireGuard to Help Users Beat Internet Blocks

NordVPN Expands Access Through Noju Carrier Billing Partnership