- Joined
- Dec 3, 2020
- Messages
- 1,780
Supposedly, the operators of the ransomware RansomExx are behind the cyber attack.
During the court hearings, which were held by videoconference, the Brazilian Supreme Court was subjected to a cyber attack using ransomware. As a result of the attack, the databases of ongoing lawsuits were blocked, and the work of the internal mail server was also disrupted.
The websites of many other Brazilian government agencies are also currently disabled, but it is not yet known whether they were attacked by the same cybercriminals.
The investigation of the cyber incident took place by the Federal Police of the country. According to preliminary data, the attackers gained access to the backup data store by blocking access to it using a cryptographic key.
The Information and Communications Technology Secretariat is working to rebuild systems. Supreme Court Chief Justice Humberto Martins has ordered the suspension of all court hearings and videoconferencing until at least November 9th.
"During the attack, a domain administrator account was used, which allowed a hacker to access our servers, enter the administration groups of the virtual environment and, finally, encrypt a significant portion of our virtual machines," IT experts said.
The court's IT department also advised all users, including judges, trainees and outside workers, not to use any computers (including personal ones) if they were or are still connected to the court's network.
While the official statements do not mention the specific criminal group responsible for this attack, the ransom note points to RansomExx.
The RansomEXX infection mechanism is similar to other ransomware campaigns aimed at corporate environments - attackers compromise the target organization's network, gain administrator rights, access a Windows domain controller, and then distribute the ransomware to corporate devices.
__________________
During the court hearings, which were held by videoconference, the Brazilian Supreme Court was subjected to a cyber attack using ransomware. As a result of the attack, the databases of ongoing lawsuits were blocked, and the work of the internal mail server was also disrupted.
The websites of many other Brazilian government agencies are also currently disabled, but it is not yet known whether they were attacked by the same cybercriminals.
The investigation of the cyber incident took place by the Federal Police of the country. According to preliminary data, the attackers gained access to the backup data store by blocking access to it using a cryptographic key.
The Information and Communications Technology Secretariat is working to rebuild systems. Supreme Court Chief Justice Humberto Martins has ordered the suspension of all court hearings and videoconferencing until at least November 9th.
"During the attack, a domain administrator account was used, which allowed a hacker to access our servers, enter the administration groups of the virtual environment and, finally, encrypt a significant portion of our virtual machines," IT experts said.
The court's IT department also advised all users, including judges, trainees and outside workers, not to use any computers (including personal ones) if they were or are still connected to the court's network.
While the official statements do not mention the specific criminal group responsible for this attack, the ransom note points to RansomExx.
The RansomEXX infection mechanism is similar to other ransomware campaigns aimed at corporate environments - attackers compromise the target organization's network, gain administrator rights, access a Windows domain controller, and then distribute the ransomware to corporate devices.
__________________
