Ransomware

Brazil’s court system shut down due to ransomware attack

0

Brazil’s Superior Court of Justice was forced to temporarily shut down its information technology network after a massive ransomware attack hit during judgment sessions.

The Superior Court of Justice (STJ) announced that the attack occurred when the six group classes’ judgment sessions were taking place. The presidency of the court has informed the Federal Police to investigate the cyber-attack.

The attack was discovered on November 3 and the court’s network were shut down to prevent the spread of the malware.

The court is planning to restore its systems and court activities are expected to resume on November 9.

For the time being all judgment sessions including virtual and video conference will be either suspended or canceled until the court network’s security will be restored.

Due to the attack, websites of several Brazilian federal government agencies were also taken offline.

According to local media, Brazilian president Jair Bolsonaro announced that the authorities have identified the threat actors behind the attack.

Brazilian media outlet CISO Advisor claims it has viewed an internal report on the security breach incident that suggests the threat actor was a financially motivated cybercrime organization.

According to an audio report obtained by the CISO Advisor from an IT official at the agency, more than 1,200 servers, mostly virtual machines, have been encrypted.

It is believed that the attack was something planned even by some criminal organization such as PCC, Comando Vermelho or Família do Norte, together with international gangs that make cyber-attacks, and receive for that and that may have used outsourced servers.

According to one of the technicians at the court, the attackers took over a Domain Admin account.

A copy of the ransom was found on the systems of the STJ and it is confirmed that the court was a victim of an attack launched by the RansomExx ransomware gang.

The RansomEXX is human-operated ransomware, which means that attackers manually infected the systems after gained access to the target network.

Image Credits : Human Rights Watch

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Campari hit by Ragnar Locker Ransomware

    Previous article

    E-commerce platform X-Cart suffers ransomware attack

    Next article

    You may also like

    More in Ransomware

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *