The Brazilian gov’t has released a note stating the National Treasury has been hit with a ransomware attack on Friday The 13th which is ironic in my mind:
According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration.
The effects of the ransomware attack are being analyzed by security specialists from the National Treasury and the Digital Government Secretariat (DGS). The Federal Police has also been notified. The Ministry noted new information on the incident “will be disclosed in a timely manner and with due transparency”.
A further statement released jointly with the Brazilian Stock Exchange today (16) noted that the attack did not affect “in any way” the operations of Tesouro Direto – a program that enables the purchase of Brazilian government bonds by individuals.
Here’s what Eddy Bobritsky, CEO of www.minerva-labs.com had to say about this:
Ransomware attacks are increasing every year. We see it in every country and every sector.
Strong protection measures should be taken by the Brazilian National Treasury and other Ministry offices. Their actions should be rapid, and they should select the right ransomware prevention tools – those that do not require identification or prediction, because these common tools have a huge gap In the time between the detection process and the protection from the attack.
The Brazilian cyber security teams should also keep in mind that modern attacks are built to bypass security tools, so to fully prevent attacks they should deploy tools that can stop attacks that were initially built to bypass security tools.
Hopefully the Brazilian’s take this advice seeing as they have been pwned before:
The incident at the National Treasury follows a major cyberattack that emerged in November 2020, against the Brazilian Superior Electoral Court. The attack brought the Court’s systems to a standstill for over two weeks.
Hopefully, they won’t be pwned again.