RansomExx ransomware attacks judiciary in Brazil, court data encrypted

Superior Court of Justice in Brazil suspends online sessions because of ransomware attack

Brazil’s Superior Court of Justice (STJ) was a victim of a ransomware attack on Tuesday, November 3. The attack occurred during its online sessions, leaving the court in disarray, and all court processes had to be suspended. Two days later, the Brazilian Federal Police opened an investigation into the matter. 

According to local reports, the malware could have infiltrated the court’s systems via a Domain Admin account. The malware then proceeded to encrypt virtual machines in the system, after gaining access to admin groups of the virtual environment.

The court’s IT specialists confirmed that all online systems were taken down. As a security precaution, all personnel were asked to operate away from the servers that had been affected. But all online processes of the STJ will be on November 10.

“The Secretariat for Information and Communication Technology (STI) is working on systems recovery to restore all court services as quickly as possible,” said STJ President Humberto Martins on the court’s official website.

Although all online activities and platforms were shut down by the malware attack, the court managed to encrypt all case databases and backups beforehand.


Following this cyber threat, all other judicial systems are adding layers to their online security systems. 

The affected organization has not reported the identity of the ransomware behind the attack. However, BleepingComputer reported that RansomExx was the perpetrator. Reportedly, they recovered a ransom note from an affected system. The note asked the “affected company” to send a file for decryption, to prove the legitimacy of the cyberattack.

This is the same ransomware group behind the recent attacks on tech giant Konica Minolta and laser manufacturer IPG Photonics. It is noteworthy that RansomExx is a mutation of the Defray777 ransomware group, and was active in June this year.
