Tribunal de Justiça do Estado, a court in the state of Rio Grande do Sul, was infected by REvil ransomware on Friday, forcing courts to shut down their network. Soon after the infection began, the court’s official Twitter account tweeted a warning to employees not to log into any of the court’s systems whether local or remote. The REvil operators are currently demanding a $5 million ransom to provide a decryptor and the criminals promise to refrain from posting the stolen data online if the ransom is paid.
The attack by REvil marks the second time in recent months that a Brazilian court system has been infected with ransomware after Brazil’s Superior Court of Justice was infected by RansomExx in November. Binary Defense highly recommends reading an implementing steps from the CISA (Cybersecurity & Infrastructure Agency) and NCSC (National Cyber Security Centre) ransomware guides. The guides contain detailed information that any organization can use, describing in detail how to backup and protect data, create incident response plans and more.