Brazil’s Superior Court of Justice has announced an attack against the Superior Court of Justice’s (STJ) network Tuesday that is currently affecting some court services. Brazilian journalist Mateus Nunes has told BleepingComputer that several other Brazilian federal government agency websites went offline as well. It is not currently known if they are connected to the attack against the STJ. According to IT staff, systems were shut down to prevent further spread of the ransomware but case files and backups had already been encrypted. All court staff have been advised not to use any devices, work or personal, that were connected to the network. Official statements by STJ have not confirmed the attack as a ransomware incident, though ransom notes have revealed that the RansomExx group was behind the attack.
Binary Defense highly recommends all organizations provide regular security awareness training to help employees learn to spot phishing attacks. Unfortunately, in this case, it sounds like backups were encrypted during the attack. To ensure recovery in case of emergencies, organizations should follow the 3-2-1 rule as a backup guideline. The rule states that three copies of all critical data are retained on at least two different types of media and at least one of them is stored offline. This prevents all copies of backups from being lost or destroyed not just in ransomware attacks, but any other failure or emergency as well.