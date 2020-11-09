Ransomware hits Brazil’s Superior Court & other Federal agencies – Security Experts Perspectives

Brazil’s Superior Court of Justice (STJ) President Humberto Martins announced that “the court’s information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes’ judgment sessions took place. The Secretariat for Information and Communication Technology (STI) is working to recover the systems of services offered by the Court.” Security Experts offer perspective.

Chloé Messdaghi, VP of Strategy,  Point3 Security
November 09, 2020
The public sector is far more exposed than most realize.
It’s important to understand that the Brazil Court system moved quickly and correctly. They immediately shut the network as a precautionary measure to prevent further infection. However, the attack likely encrypted data, email, and resources critical to court proceedings, which all but inevitably put peoples’ lives on hold. Fortunately, the Brazil Superior Court has announced it expects to be ....
[Read More >>]
Dan Piazza, Technical Product Manager,  Stealthbits Technologies
November 09, 2020
A hallmark of modern ransomware is this lateral movement.
While this attack hasn't done anything extraordinary, it's a perfect example of how compromising a Domain Admin gives attackers the keys to the kingdom. Although we don't know what defensive measures were previously deployed by the Superior Court of Justice's IT department, it seems RansomExx was easily able to move laterally within the organization until they gained admin privileges and control o ....
[Read More >>]
Saryu Nayyar, CEO,  Gurucul
November 09, 2020
The fact that backups were accessible and vulnerable to encryption is alarming.
The attack against Brazil’s Superior Court is another example of a high profile target suffering a major outage due to ransomware. Unfortunately, the attackers were apparently able to compromise an Admin level account, which let them place their ransomware where it could do the most damage, taking out case files as well as backups. While a behavioral analytics tool could have identified the co ....
[Read More >>]

