Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management

Ransomware Hits Brazilian National Treasury

Scope of Incident Remains Unclear
Ransomware Hits Brazilian National Treasury
(Photo: Jorono via Pixabay)

Watch for updates to this developing story.

The Brazilian government has confirmed that its National Treasury fell victim to a ransomware attack Aug. 13. The scope of the incident remains unclear, although officials say it did not damage structural systems.

See Also: OnDemand | Defining a Detection & Response Strategy

The nation's Ministry of Economy confirmed in a statement that its internal network was targeted in the breach and that "containment measures were immediately applied." The Federal Police were also notified.

"The effects of the criminal action are currently being evaluated by security specialists from the National Treasury Secretariat and the Digital Government Secretariat," according to the statement. It notes that the "action did not damage [structural] systems" - including platforms related to public debt administration. Officials say they will provide more details "in a timely manner."

In a statement jointly released with the Brazilian Stock Exchange, government officials confirmed that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. Officials said "purchases and sales can still be carried out normally."

Brazilian government officials did not immediately respond to a request for additional information.

Other Cyberattacks

The ransomware attack targeting Brazil's National Treasury follows an incident that struck the nation's Superior Court of Justice in November. After that file-encrypting attack was detected, the court system temporarily shut down its IT network.

Network outages lasted two weeks. Researchers later attributed the attack to the ransomware gang RansomEXX, which has targeted both Windows and Linux servers.

The security firm Kaspersky says the RansomExx malware strain, first spotted in June 2020, has been tied to attacks on the Texas Department of Transportation and tech company Konica Minolta (see: RansomEXX Ransomware Can Now Target Linux Systems).

Another ransomware incident, later attributed to the REvil criminal gang - which was behind the July attack on remote management software vendor Kaseya - hit the court system for the Brazilian state of Rio Grande do Sul in April, forcing a network shutdown (see: Kaseya: Up to 1,500 Organizations Hit in Ransomware Attack).

Another cyberattack disrupted the Brazilian aerospace firm Embraer in November. The company said the attack resulted in the disclosure of data "allegedly attributed to the company" and made "access to a single environment of the company's files unavailable," according to a statement.

About the Author

Dan Gunderman

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as, and

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.