The Brazilian court system suffered a massive ransomware attack earlier this month that crippled its operations for an entire week. The Superior Court of Justice (STJ in the Portuguese acronym) was on the receiving end of a ransomware attack on Tuesday, November 3, as several trial sessions took place. The malware infected the Court’s network, which meant Internet access had to be terminated as a preemptive measure. As a result, all trial sessions held online due to the coronavirus pandemic were canceled. Furthermore, the attack impacted STJ’s systems, rendering email and telephony setup unavailable.
In a statement released two days after the attack was detected, STJ minister Humberto Martins said cybercriminals didn’t access any information concerning the Court’s proceedings. He also revealed ransomware blocked data access by encrypting it, adding that they will resort to backups. However, they later found out that the onslaught even impacted the Court’s backup files and data, making it the worst cybersecurity incident Brazil has ever recorded. The Superior Court of Justice’s tech suppliers, which feature the likes of Microsoft, and the Brazilian Army’s Cyber Defense Center, are working on recovering the systems environment using tape backups. Meanwhile, all court sessions were suspended, with STJ focusing on urgent cases only until systems are fully operational again.
According to information Bleeping Computer obtained, the ransomware that infected the Court’s systems was RansomExx, a human-operated malware that enables cybercriminals to manually hack the target. It surfaced in June and claimed some high-profile victims like Tyler Technologies, who were eventually forced to cave and pay the ransom. Bleeping Computer shared the ransom note that shows RansomExx’s involvement. Brazil President Jair Bolsonaro said on November 5 that there indeed was a ransom and that the criminals responsible for the attack had already been found. However, it was not confirmed at the time.