Ransomware Hits Brazilian National TreasuryScope of Incident Remains Unclear
Watch for updates to this developing story.
The Brazilian government has confirmed that its National Treasury fell victim to a ransomware attack Aug. 13. The scope of the incident remains unclear, although officials say it did not damage structural systems.
The nation's Ministry of Economy confirmed in a statement that its internal network was targeted in the breach and that "containment measures were immediately applied." The Federal Police were also notified.
"The effects of the criminal action are currently being evaluated by security specialists from the National Treasury Secretariat and the Digital Government Secretariat," according to the statement. It notes that the "action did not damage [structural] systems" - including platforms related to public debt administration. Officials say they will provide more details "in a timely manner."
In a statement jointly released with the Brazilian Stock Exchange, government officials confirmed that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. Officials said "purchases and sales can still be carried out normally."
Brazilian government officials did not immediately respond to a request for additional information.
The ransomware attack targeting Brazil's National Treasury follows an incident that struck the nation's Superior Court of Justice in November. After that file-encrypting attack was detected, the court system temporarily shut down its IT network.
Network outages lasted two weeks. Researchers later attributed the attack to the ransomware gang RansomEXX, which has targeted both Windows and Linux servers.
The security firm Kaspersky says the RansomExx malware strain, first spotted in June 2020, has been tied to attacks on the Texas Department of Transportation and tech company Konica Minolta (see: RansomEXX Ransomware Can Now Target Linux Systems).
Another ransomware incident, later attributed to the REvil criminal gang - which was behind the July attack on remote management software vendor Kaseya - hit the court system for the Brazilian state of Rio Grande do Sul in April, forcing a network shutdown (see: Kaseya: Up to 1,500 Organizations Hit in Ransomware Attack).
Another cyberattack disrupted the Brazilian aerospace firm Embraer in November. The company said the attack resulted in the disclosure of data "allegedly attributed to the company" and made "access to a single environment of the company's files unavailable," according to a statement.