The Federal Police (PF) is investigating the ransomware attack that led to the suspension of STJ (Superior Court of Justice) activities. In a note released on Thursday (5), the PF stated that it had begun investigating the circumstances of the intrusion and had taken initial steps with the help of court experts. On the same day, President Jair Bolsonaro indicated that the intruder had already been identified.
“Hacking of the STJ collection. Then, folks, someone entered the collection of the STJ, Superior Court of Justice, right? He took everything, took the entire file there, saved it and asked for ransom”, said Bolsonaro in his live broadcast on Facebook. “It’s Brazil, right? Ransom request…” he continued.
“Well, the Federal Police took action immediately. I had the information from the general director of the PF, Mr. Rolando Alexandre. And he has already been praised by the president of the STJ for what he has achieved so far”, continued the president. “They’ve already discovered who the ‘hacker’ is. You already found out, Cid [Mauro Cesar Barbosa Cid, Bolsonaro’s adviser]? Have you found out? Gee, the guy hacked and couldn’t stay there for two hours, put it”.
Despite Bolsonaro’s statement, the Federal Police and the Superior Court of Justice have not yet reported that the perpetrator of the attack has been identified.
PF does not rule out coordinated attack
Also in its note, the PF stated that “any related facts may be investigated in the same investigation, which is underway at the Regional Superintendence of the Federal Police in the Federal District”. The statement referred to other public bodies that had their systems affected this week.
According to Estadão, the Ministry of Health’s systems were the target of an attack on Thursday (5). The ministry does not confirm the intrusion, but said it blocked access to its networks and VPN as a precaution. Services for external users, such as the one used to make appointments, were reportedly still working.
However, Correio Braziliense reports that the ministry’s team fears the loss of data or the exposure of sensitive information. Despite the proximity between the events, the Ministry of Health states that, for now, it is not possible to say that there is a relationship between what happened in its systems and the case of the STJ.
The Federal District Economy Secretariat also recorded an attempted attack on the DF government system. The secretariat said its servers have been unavailable since 10 am on Thursday, but did not give a forecast of when the situation will be normalized.
The STJ fell victim to RansomExx, malicious software that encrypted files related to court cases. The attack was identified on Tuesday (5) and, since then, the court has only released statements on its website. The page highlights information on the on-call regime that will last until Monday (9) to allow the system to return to normal. It also displays a note in which the STJ explains the situation.
According to the Court, “the hacker attack temporarily blocked, with the use of encryption, access to the data, which, however, are preserved in the court’s backup systems”. The statement also states that “the information on lawsuits, e-mail accounts and administrative contracts remains intact, keeping the court’s financial commitments unchanged, including regarding its payroll”.
STF and TSE reinforce security
Amid the STJ outage, other agencies reported that they had reinforced the security of their systems, even without having identified intrusion attempts. The STF (Supreme Federal Court) stated that its Information Technology Secretariat “has not detected any abnormalities in the court system until now”, but, even so, “has tightened security protocols”.
The TSE (Superior Electoral Court), in turn, reported that “all security procedures in internal systems have been intensified”. A few days before the municipal elections, the agency also highlighted the security of the electronic ballot box.
“The ballot box is isolated equipment, which preserves one of the basic security requirements of the system. In addition, the totalization of votes after the information is sent by the Regional Electoral Courts (TREs) works through an encrypted private network”, the note indicates.
With information: O Globo, G1, Agência Brasil.