
Entire database, including backups, of the Brazilian Supreme Court of Justice encrypted by hackers

LRossi

Summary

The Brazilian Supreme Court of Justice, the second-highest court in the country (hierarchically beneath the Federal Supreme Court), suffered a cyber attack today. According to the report, the servers containing the entirety of the court's database have been encrypted by hackers, basically rendering the court useless until the issue has been dealt with. After encrypting the main database, the hackers managed to encrypt the backup servers as well. Technicians are trying to recover data from physical backup tapes. It is unsure at this point whether all data will be recovered, or whether a few days, weeks or months of data will be lost, including sensitive case files. No report has been made so far on whether this was a case of ransomware or just foul play.

 

Quotes

Quote

The publication Bastidor states that third party companies and the Federal Police are attempting to unencrypt the servers, but there's no indication at the moment that the hired technicians will be able to do it in the next few days. The situation is made worse because even the Court's backups were encrypted by the criminals.

With that, the SCJ is completely blind at the moment, without access to a vast and historical database of court cases. The attack is certainly the worst ever perpetrated against a State institution in the history of the country.

 

My thoughts

Well...shit.

An attack of such magnitude raises questions about a possible targeted attack, since this Court deals with cases involving very powerful people.

 

Sources

https://brazilian.report/tech/2020/11/05/massive-hackers-attack-brazilian-government-on-alert/

[In Portuguese]: https://www.tecmundo.com.br/seguranca/206233-ataque-hacker-ter-atingido-stj-pf-investiga.htm


 

10 minutes ago, LRossi said:

An attack of such magnitude raises questions about a possible targeted attack, since this Court deals with cases involving very powerful people.

Indeed, I thought it's highly possible if it was caused by one of them powerful people, so...

Or might be a huge-ass ransomware case.

Humor me, as you should do.

 

Daily drivers, below.

 

Diccbudd PC

Intel Xeon E3-1225 v2 || ASRock B75M Motherboard || MSI GeForce GTX 1650 Gaming X 4G || Hynix 2x8 GB DDR3 1600 MHz RAM || 480 GB Pioneer APS-SL3 SATA SSD // 1 TB Seagate 2.5" HDD || be quiet! System Power 9 500 W PSU || Cooler Master T20 CPU Cooler || Samsung S19D300 Monitor || Fantech X6 Knight Mouse || VortexSeries VX7 Pro Keyboard

 

Samsung Galaxy A34 5G

8GB RAM, 256GB Internal Storage, 128GB SanDisk Extreme, and you could find the rest of the specs on the interwebz lol

 

Lenovo ThinkPad L390 Yoga

Intel Core i5-8365U || 8 + 16 GB DDR4 (don't ask, gf bought me the 16 GB RAM as my birthday present lol) || Samsung 256GB SSD

 

Personal Server: CasaOS, Home Assistant, ESPHome, Jellyfin.

AMD E-350 || 3GB DDR3 || 120GB random SSD || 1TB Toshiba HDD

 

Audio

Redmi TV Soundbar || KZ EDX Ultra + KZ APTX Bluetooth Module || JCALLY JM6 CX31933 DAC


Wow, great job Brazil!

/s

 

Let's hope there is anyone around capable of digitizing those tapes 😳

"We're all in this together, might as well be friends" Tom, Toonami.

 

mini eLiXiVy: my open source 65% mechanical PCB, a build log, PCB anatomy and discussing open source licenses: https://linustechtips.com/topic/1366493-elixivy-a-65-mechanical-keyboard-build-log-pcb-anatomy-and-how-i-open-sourced-this-project/

 

mini_cardboard: a 4% keyboard build log and how keyboards work: https://linustechtips.com/topic/1328547-mini_cardboard-a-4-keyboard-build-log-and-how-keyboards-work/


24 minutes ago, CarlBar said:

My question is why and how the backups were accessible from the main system to encrypt.

Never been to Brazil, I assume? 😄 hehe


1 hour ago, gabrielcarvfer said:

Most likely a stupid ransomware. I bet it was another SMB issue that the IT overlooked.

Or the classic management situation... IT says something needs upgrading/updating and management says too bad, it's not in the budget, so key systems remain unpatched (due to being outdated).

3735928559 - Beware of the dead beef


18 minutes ago, dilpickle said:

No conspiracy needed. Most government systems have laughable security. It's actually amazing that there aren't more breaches than there are. We are all living in a fool's paradise.

That is true even if this *was* a conspiracy, though I don't believe it was... It just makes too much sense for criminal minds to do something like that, no conspiracy needed. 🤷🏼

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer


4 hours ago, CarlBar said:

My question is why and how the backups were accessible from the main system to encrypt.

It's a third-world country; who knows if it was an inside job or not. Typically people would just blame Russia.

Was there any demand for money to get the info back?


6 hours ago, dhannemon13 said:

 

Indeed, I thought it's highly possible if it was caused by one of them powerful people, so...

Or might be a huge-ass ransomware case.

You'd have to know the network pretty well to do that, or have someone very gullible inside of the organization. 

 

Attacks like this require recon and at some point along the line definitely some social engineering.  Definitely targeted, and there's probably going to be someone blamed within the organization. 

 

6 hours ago, CarlBar said:

My question is why and how the backups were accessible from the main system to encrypt.

It's pretty common, as they want to save money, time and resources by having a main digital system they back up to.

 

I'm glad they had tapes. 

 

Even then, the real question is how the attackers compromised the backups... a lot of governments have strict regulation on how long files must be retained, and usually these systems provide a method to enforce data retention which cannot be overwritten by anyone, even an administrator. 

 

Seems like whoever they are using as a service provider might be one of the issues. 
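The retention enforcement Akolyte describes above (backup versions that nobody, not even an administrator, can delete or rewrite before the retention period ends), together with CarlBar's question about why the backups were reachable at all, is easiest to see in code. The following is an added illustration written for this thread, not code from the court, the forum, or any backup product: a toy write-once-read-many (WORM) vault with an injected clock, a digest manifest assumed to be kept on a separate system, and a constructed scenario in which an intruder holding admin credentials tries to destroy the backups the way the thread describes. The object names, sample bytes and timestamp are all made up for the example.

```python
import hashlib
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


class RetentionError(PermissionError):
    """Raised when a caller tries to delete or rewrite a version still under retention."""


@dataclass(frozen=True)
class BackupVersion:
    name: str
    version: int
    sha256: str
    data: bytes
    locked_until: float  # epoch seconds; the version cannot be removed before this time


class WormVault:
    """Append-only backup store (hypothetical, not a real product's API).
    New versions may be added; existing versions are never changed and may be deleted
    only after their retention period has expired. The caller's role is deliberately
    not consulted for that check: a lock an administrator can lift is a lock a stolen
    administrator credential can lift too."""

    def __init__(self, retention_seconds: float, clock: Callable[[], float] = time.time):
        self.retention_seconds = retention_seconds
        self.clock = clock  # injectable so the scenario below is deterministic
        self._versions: Dict[str, List[BackupVersion]] = {}

    def put(self, name: str, data: bytes) -> BackupVersion:
        """Append a new version of `name`; earlier versions are untouched."""
        versions = self._versions.setdefault(name, [])
        ver = BackupVersion(name, len(versions) + 1, hashlib.sha256(data).hexdigest(),
                            bytes(data), self.clock() + self.retention_seconds)
        versions.append(ver)
        return ver

    def versions(self, name: str) -> List[BackupVersion]:
        return list(self._versions.get(name, []))

    def _find(self, name: str, version: int) -> BackupVersion:
        for ver in self._versions.get(name, []):
            if ver.version == version:
                return ver
        raise KeyError(f"{name} v{version} not found")

    def overwrite(self, name: str, version: int, data: bytes, caller_role: str = "admin") -> None:
        """In-place modification is never permitted on a WORM store, whatever the role."""
        self._find(name, version)
        raise RetentionError(f"{caller_role} may not rewrite {name} v{version}: store is write-once")

    def delete(self, name: str, version: int, caller_role: str = "admin") -> None:
        ver = self._find(name, version)
        if self.clock() < ver.locked_until:
            raise RetentionError(f"{caller_role} may not delete {name} v{version}: retention active")
        self._versions[name].remove(ver)


def restore_last_known_good(vault: WormVault, name: str,
                            manifest: Dict[str, str]) -> Optional[BackupVersion]:
    """Walk versions newest-first and return the first whose bytes still hash to the
    digest recorded out of band at backup time. Versions appended later by an intruder
    (for example an encrypted copy) do not match the manifest and are skipped."""
    expected = manifest.get(name)
    for ver in reversed(vault.versions(name)):
        if expected and hashlib.sha256(ver.data).hexdigest() == expected:
            return ver
    return None


def simulate_attack(retention_days: int = 30) -> Dict[str, bool]:
    """Constructed scenario: admin credentials in the wrong hands, then a restore."""
    now = [1_700_000_000.0]                       # fixed, constructed timestamp
    vault = WormVault(retention_days * 86400, clock=lambda: now[0])
    good = b"constructed sample: case database dump, 2020-11-04"
    first = vault.put("case-db.dump", good)
    manifest = {"case-db.dump": first.sha256}     # digest assumed to live on a separate system

    garbage = bytes(b ^ 0x5A for b in good)       # stand-in for ransomware output, not a cipher
    results: Dict[str, bool] = {}

    try:                                          # 1. rewrite the backup in place
        vault.overwrite("case-db.dump", 1, garbage, caller_role="admin")
        results["overwrite_refused"] = False
    except RetentionError:
        results["overwrite_refused"] = True

    try:                                          # 2. delete it outright
        vault.delete("case-db.dump", 1, caller_role="admin")
        results["delete_refused"] = False
    except RetentionError:
        results["delete_refused"] = True

    vault.put("case-db.dump", garbage)            # 3. append-only, so a garbage version lands

    restored = restore_last_known_good(vault, "case-db.dump", manifest)
    results["restored_intact"] = restored is not None and restored.data == good

    now[0] += retention_days * 86400 + 1          # 4. after expiry, housekeeping deletion works
    vault.delete("case-db.dump", 1)
    results["deleted_after_expiry"] = all(v.version != 1 for v in vault.versions("case-db.dump"))
    return results


if __name__ == "__main__":
    for check, ok in simulate_attack().items():
        print(f"{check}: {'PASS' if ok else 'FAIL'}")
```

The point of the scenario is step 3: an append-only store does not stop an intruder from writing, it stops them from destroying what was written earlier, and the restore side needs an integrity reference held somewhere the intruder could not reach to tell the two apart. A backup target that the production system can mount and overwrite, as the thread suspects happened here, gives neither property.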

 


2 hours ago, gabrielcarvfer said:

Read below.

(...) 

 

Sometimes people forget that the third world is the only one left, and we're all living in it. 


2 hours ago, Akolyte said:

You'd have to know the network pretty well to do that, or have someone very gullible inside of the organization. 

 

Attacks like this require recon and at some point along the line definitely some social engineering.  Definitely targeted, and there's probably going to be someone blamed within the organization. 

Yeah, I actually thought the same if the attack came from someone powerful enough to do so.

It's definitely like them movies, but it's still possible (even only for little) somehow.

 

1 hour ago, Sakuriru said:

"Why do we need a cybersecurity person? The [developers/network engineers/data center engineers] can do that. Nothing bad has happened anyway." they say when the topic comes up. This disregard and complacency is based on poor decision making and poor risk assessment that, "If nothing bad has happened, nothing will happen." Of course, this statement couldn't be more wrong but people use it all the time to justify their risk taking behavior. It's a nasty thought habit humans have.

Couldn't agree more. Lots of people would just... disregard security thingies, because simply they have to see if they're down first. And, well. Could blame someone who doesn't wanna spend some money on cybersecurity people for the sake of something like this.


Update: apparently, the hacker has the court's data and experts fear a major leak on classified and sensitive cases. The Court's website is still down (https://www.stj.jus.br/), with just some updates posted on the efforts made so far.
