Brazil’s Superior Tribunal de Justiça has temporarily shut down after a suspected ransomware attack.
The Tribunal (STJ) is second-highest of Brazil’s courts and is the highest court that decides on federal matters other than constitutional law. At the time of writing, the court’s website consists of nothing but a series of updates on the attack. Those notifications state that a virus attack was detected on November 3, when court networks were shut down as a precaution.
The most recent update says the attacked encrypted data related to legal proceedings, email, and administrative contracts. The statement says the data has been backed up and that work to restore systems is under way, with court business to resume on Monday November 9. Which will be more than welcome because hundreds of cases have been suspended due to the incident.
Global heatmap of cheater density says Brazil is the worst at video games, but there’s no data on China
Local media report Brazilian president Jair Bolsonaro saying the authorities have identified the culprits.
Brazilian tech news outlet CISO Advisor claims it has viewed an internal report on the incident that suggests it was a deliberate action by organised crime figures, possibly a collaboration between local and offshore players.
The outlet also says that virtual machines were encrypted and deleted, which is explosive as reaching guest VMs suggests a possible compromise of hypervisor security. And hypervisors’ big selling point is that they completely isolate guests. An attack that encrypts guests would, theoretically, need to pick them off one by one.
The Register is aware of a similar-sounding case discussed in an October Reddit post alleging that ransomware reached shared storage that holds virtual machine files managed by VMware ESXi. We consulted VMware experts who cast doubt on that scenario as a viable ransomware vector. ®