Brazil's Rio Grande do Sul Court System Hit by REvil Ransomware Attack Causing Network Shutdown

Brazil's Rio Grande do Sul Court System Hit by REvil Ransomware Attack Causing Network Shutdown


Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employee's files and forced the courts to shut down their network.


Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS) is the court system for the Brazilian state of Rio Grande do Sul.


The attack started yesterday morning when employees suddenly found that all of their documents and images were no longer accessible and ransom notes had appeared on their Windows desktops.


Soon after the attack started, the official TJRS Twitter account warned employees not to log in to the TJ network's systems locally or via remote access.


"The TJRS informs that it faces instability in computer systems. The systems security team advises internal users not to access computers remotely, nor to log into computers within the TJ network," tweeted the TJRS court system.



Tweet from TJRS

REvil ransomware responsible for the cyberattack


A Brazilian security researcher known as Brute Bee shared a screenshot with BleepingComputer of employees sharing the ransom notes and discussing the attack between each other.



Screenshot of ransom notes from the attack

These ransom notes are for the REvil ransomware operation, which BleepingComputer has independently confirmed was responsible for the attack.


BleepingComputer was told that the REVil ransomware operation demanded a $5,000,000 ransom to decrypt files and not leak data.


In a translated audio recording shared with BleepingComputer, a person described the attack as "horrible" and "the worst thing that ever happened there," with IT staff havi ..