Quick Summary
Executive Summary
San Silvestre School, an educational institution based in Peru, has been listed as a victim by the Krybit ransomware group. The listing was published on June 25, 2026, and discovered through SOCRadar’s Dark Web Monitoring service. While Krybit’s victims are predominantly in Europe, San Silvestre represents one of the group’s few Latin American targets. In the 60 days preceding this listing, Krybit claimed 28 other victims, frequently targeting the business services, public sector, and technology industries, with a concentration of victims in Germany, Austria, and Peru.
Technical Analysis
SOCRadar’s analysis of stealer-log telemetry revealed a significant exposure concerning the sansilvestre.edu.pe domain. A data sample contained approximately twenty-five credential records from mid-May to late June 2026. This data included credentials for the Google Workspace identity provider, internal infrastructure, corporate email accounts found on third-party services, network security appliance management interfaces, an Aruba ClearPass portal, and an ERP login. These findings suggest a pattern of initial access often employed by ransomware groups like Krybit, where harvested credentials are used to gain entry into corporate networks and systems. The recommended defensive actions include immediate credential rotation, multi-factor authentication (MFA) enforcement on affected accounts, and isolation/reimaging of compromised workstations.