The Supreme Court of Brazil fell victim to a ransomware attack (RansomExx) during a court hearing held by teleconference.
"The Supreme Court (STJ) announces that its technology network suffered a hacker attack on Tuesday afternoon, during meetings," said the President of the STJ, Humberto Martins, on the site of the Federal Supreme Court.
The government is working to restore the systems and all judicial services as soon as possible.
The Brazilian journalist Mateus Nunes told BleepingComputer that other Brazilian government service sites are offline. However, we do not know whether the same criminals attacked these sites separately or whether they are somehow connected to the hosting systems and the website of the court.
The systems are offline
The systems of the Superior Court of Justice (also known as STJ) were shut down to stop the spread of the ransomware throughout the court's network, but many court documents and backups had already been encrypted.
The site and systems of the Supreme Court are still offline, three days after the ransomware attack. It is said that they will start working again when all the systems are fully restored.
"A Domain Admin account was abused, which allowed an attacker to gain access to our servers, log in to virtual environment management teams, and finally encrypt part of our virtual machines," said one of the IT technicians.
According to the Brazilian Supreme Court, all litigation, virtual and/or by teleconference, will be suspended or annulled until the safety of the court.
In addition, the court's IT department advised all users, including judges, trainees and external collaborators, not to use their computers, even personal ones, if they are still connected to the court network.
The RansomExx ransomware gang behind the attack
Brazil's Supreme Court has not named the ransomware gang responsible for this attack, but one of the ransom notes found on an encrypted computer points to the hackers behind the RansomExx ransomware.
According to an anonymous source of BleepingComputer, the systems of the Pernambuco State Court (Tribunal de Justiça do Estado de Pernambuco - TJPE) were also hit by RansomExx ransomware on 27 October. The encrypted files were given the .tjpe911 extension.
RansomExx (a version of the Defray777 ransomware) has been used in many attacks in June 2020 targeting large organizations.
The Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics and Tyler Technologies are also victims of RansomExx ransomware.
During their attacks, RansomExx operators breach victims' networks and steal unencrypted sensitive documents. Then they spread to other systems.