Brazil's TJRS

Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employees’ files and forced the courts to shut down their network.

Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS) is the court system for the Brazilian state of Rio Grande do Sul.

The attack started yesterday morning when employees suddenly found that all of their documents and images were no longer accessible and ransom notes had appeared on their Windows desktops.

Soon after the attack started, the official TJRS Twitter account warned employees not to log in to the TJ network’s systems locally or via remote access.

“The TJRS informs that it faces instability in computer systems. The systems security team advises internal users not to access computers remotely, nor to log into computers within the TJ network,” tweeted the TJRS court system.

Tweet from TJRS

REvil ransomware responsible for the cyberattack

A Brazilian security researcher known as Brute Bee shared a screenshot with BleepingComputer of employees sharing the ransom notes and discussing the attack among themselves.

Screenshot of ransom notes from the attack

These ransom notes are for the REvil ransomware operation, which BleepingComputer has independently confirmed was responsible for the attack.

BleepingComputer was told that the REvil ransomware operation demanded a $5,000,000 ransom to decrypt files and not leak data.

In a translated audio recording shared with BleepingComputer, a person described the attack as “horrible” and “the worst thing that ever happened there,” with IT staff having a “hysterical stress attack” as they rush to restore thousands of devices.

This cyberattack is not the first ransomware attack on Brazil’s court systems.

This past November, Brazil’s Superior Court of Justice was attacked by the RansomEXX ransomware gang, which began encrypting devices in the middle of video conference court sessions.

At the same time, websites of other Brazilian federal government agencies were offline, but it was not clear if they were shut down to be safe or under attack.

This is a developing story …

H/T  Brute Bee