Brazilian Courts Face Ransomware for Second Time in Recent Months

Threat Watch

Threat Watch Brazilian Courts Face Ransomware for Second Time in Recent Months

Brazilian Courts Face Ransomware for Second Time in Recent Months

Tribunal de Justiça do Estado, a court in the state of Rio Grande do Sul, was infected by REvil ransomware on Friday, forcing courts to shut down their network. Soon after the infection began, the court’s official Twitter account tweeted a warning to employees not to log into any of the court’s systems whether local or remote. The REvil operators are currently demanding a $5 million ransom to provide a decryptor and the criminals promise to refrain from posting the stolen data online if the ransom is paid.

ANALYST NOTES

The attack by REvil marks the second time in recent months that a Brazilian court system has been infected with ransomware after Brazil’s Superior Court of Justice was infected by RansomExx in November. Binary Defense highly recommends reading an implementing steps from the CISA (Cybersecurity & Infrastructure Agency) and NCSC (National Cyber Security Centre) ransomware guides. The guides contain detailed information that any organization can use, describing in detail how to backup and protect data, create incident response plans and more. Source: https://www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/

Intruder Tactics: Privilege Escalation

Ransomware group targeted DC police, then sent mixed messages about shutting down

Emerging deepfake technology could have security implications for businesses

Striking Back: Hunting Cobalt Strike Using Sysmon And Sentinel

Threat Watch