After targeting various sectors, ransomware gangs have now turned to the court systems. Recently, Brazil Superior Court of Justice systems went offline following a cyber attack. Reports suggest that the court systems have possibly suffered a ransomware attack.
Brazil Court System Cyber Attack
Reportedly, the Superior Court of Justice (STJ) Brazil faced a cyber attack on November 3, 2020, during court sessions. As announced on their website, STJ operations will remain suspended until November 9, 2020, for system recovery.
The measures, disciplined in a resolution published on Wednesday (4), were adopted due to an invasion detected on the court’s computer network on Tuesday afternoon (3), when the videoconference sessions of the six classes were in progress. judging…
During this time, STJ operations will go on under the court’s presidency, that too, focused on urgent matters only.
STJ has confirmed the unauthorized invasion was precisely a malware attack that quickly infected court systems. Upon noticing the malware, court systems went offline, including phone systems, as a precaution. As a result, all trial sessions face suspension until the normal operations begin following system recovery.
The Court is collaborating with the Brazilian Army’s Cyber Defense Command and other relevant authorities for investigations. As per the recent update,
The Federal Police is investigating the effects of the hacker attack on the court’s information technology network, including with regard to the extension of access to the files, as well as on possible data copying. The investigation of the crime continues in a secret investigation.
RansomExx Ransomware Involved
While SJ has disclosed the incident as a malware attack, Bleeping Computer has shared details of the matter as a ransomware attack.
Precisely, they obtained a copy of the ransom note found on STJ systems that reveal RansomExx ransomware involvement.
RansomExx is a human-operated malware where the attackers manually infect the target system. It became active in June 2020 and has since attacked numerous high-profile targets. It’s the same ransomware that has earlier targeted Tyler Technologies, making the victim ultimately pay the ransom.