lockbit2 attacks Dirección General de Ingresos (DGI)

Incident Date:

June 14, 2022

World map



lockbit2 attacks Dirección General de Ingresos (DGI)


Dirección General de Ingresos (DGI)




Panama, Panama

Panama, Panama

First Reported

June 14, 2022

Dirección General de Ingresos (DGI) Suffers Ransomware Attack by Lockbit2

Company Overview

The Dirección General de Ingresos (DGI), a government agency in Panama, is tasked with the collection and administration of taxes. The agency's website is a hub for various services, including electronic invoicing, tax consultations, and a comprehensive directory of services.

Industry Standout

As an integral component of Panama's financial management system, the DGI plays a pivotal role. Its primary responsibilities include ensuring efficient tax collection and handling tax-related administrative duties, marking it as a cornerstone in the country's economic infrastructure.


While the specific vulnerabilities exploited in the ransomware attack by Lockbit2 on the DGI are not detailed, this incident is part of a larger pattern of ransomware campaigns targeting Latin American government entities observed since 2022. This trend may be attributed to a strategic shift among Russian-speaking cybercriminal groups, focusing their efforts on high-credibility targets within Latin America.

The attack on the Dirección General de Ingresos (DGI) underscores the persistent risk of ransomware threats facing government agencies. The DGI's critical role in Panama's financial system means that any compromise could have far-reaching implications. Although the precise vulnerabilities leveraged in this attack remain unspecified, the broader pattern of ransomware campaigns against Latin American governments indicates a calculated targeting of such entities due to their governmental status.


  • Dirección General de Ingresos (DGI) - Official Website: https://dgi.mef.gob.pa/
  • Recorded Future: "Latin American Governments Targeted by Ransomware" - URL not available

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.