Brazil's Rio Grande do Sul court system hit by REvil ransomware

  • April 29, 2021
  • 07:18 PM

Brazil's TJRS

Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employees' files and forced the courts to shut down their network.

Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS) is the court system for the Brazilian state of Rio Grande do Sul.

The attack started yesterday morning when employees suddenly found that all of their documents and images were no longer accessible and ransom notes had appeared on their Windows desktops.

Soon after the attack started, the official TJRS Twitter account warned employees not to log in to the TJ network's systems locally or via remote access.

"The TJRS informs that it faces instability in computer systems. The systems security team advises internal users not to access computers remotely, nor to log into computers within the TJ network," tweeted the TJRS court system.

Tweet from TJRS

REvil ransomware responsible for the cyberattack

A Brazilian security researcher known as Brute Bee shared a screenshot with BleepingComputer of employees sharing the ransom notes and discussing the attack among themselves.

Screenshot of ransom notes from the attack

These ransom notes are for the REvil ransomware operation, which BleepingComputer has independently confirmed was responsible for the attack.

BleepingComputer was told that the REvil ransomware operation demanded a $5,000,000 ransom to decrypt files and not leak data.

In a translated audio recording shared with BleepingComputer, a person described the attack as "horrible" and "the worst thing that ever happened there," with IT staff having a "hysterical stress attack" as they rush to restore thousands of devices.

This cyberattack is not the first ransomware attack on Brazil's court systems.

This past November, Brazil's Superior Court of Justice was attacked by the RansomEXX ransomware gang, who began encrypting devices in the middle of video conference court sessions.

At the same time, websites of other Brazilian federal government agencies were offline, but it was not clear if they were shut down to be safe or under attack.

This is a developing story ...

H/T  Brute Bee

Lawrence Abrams
Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.