{
	"id": "8bd25098-3a8d-42c0-9f29-8984317e4281",
	"created_at": "2026-04-06T00:11:30.160347Z",
	"updated_at": "2026-04-10T03:24:29.312285Z",
	"deleted_at": null,
	"sha1_hash": "8f926c096ad2de0a6c89da9df2e16bdfdf66fcd1",
	"title": "Brazil's Rio Grande do Sul court system hit by REvil ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1606056,
	"plain_text": "Brazil's Rio Grande do Sul court system hit by REvil ransomware\r\nBy Lawrence Abrams\r\nPublished: 2021-04-29 · Archived: 2026-04-05 21:09:54 UTC\r\nBrazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that\r\nencrypted employees' files and forced the courts to shut down their network.\r\nTribunal de Justiça do Estado do Rio Grande do Sul (TJRS) is the court system for the Brazilian state of Rio Grande do Sul.\r\nThe attack started yesterday morning when employees suddenly found that all of their documents and images were no longer\r\naccessible and ransom notes had appeared on their Windows desktops.\r\nSoon after the attack started, the official TJRS Twitter account warned employees not to log in to the TJ network's systems\r\nlocally or via remote access.\r\n\"The TJRS informs that it faces instability in computer systems. 
The systems security team advises internal users not to\r\naccess computers remotely, nor to log into computers within the TJ network,\" tweeted the TJRS court system.\r\nTweet from TJRS\r\nREvil ransomware responsible for the cyberattack\r\nA Brazilian security researcher known as Brute Bee shared a screenshot with BleepingComputer of employees sharing the\r\nransom notes and discussing the attack among themselves.\r\nScreenshot of ransom notes from the attack\r\nThese ransom notes are for the REvil ransomware operation, which BleepingComputer has independently confirmed was\r\nresponsible for the attack.\r\nBleepingComputer was told that the REvil ransomware operation demanded a $5,000,000 ransom to decrypt files and not\r\nleak data.\r\nIn a translated audio recording shared with BleepingComputer, a person described the attack as \"horrible\" and \"the worst\r\nthing that ever happened there,\" with IT staff having a \"hysterical stress attack\" as they rush to restore thousands of devices.\r\nThis cyberattack is not the first ransomware attack on Brazil's court systems.\r\nThis past November, Brazil's Superior Court of Justice was attacked by the RansomEXX ransomware gang, who began\r\nencrypting devices in the middle of video conference court sessions.\r\nAt the same time, websites of other Brazilian federal government agencies were offline, but it was not clear if they were shut\r\ndown to be safe or under attack.\r\nThis is a developing story ...\r\nH/T Brute Bee\r\n
Source: https://www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/"
	],
	"report_names": [
		"brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434290,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8f926c096ad2de0a6c89da9df2e16bdfdf66fcd1.pdf",
		"text": "https://archive.orkl.eu/8f926c096ad2de0a6c89da9df2e16bdfdf66fcd1.txt",
		"img": "https://archive.orkl.eu/8f926c096ad2de0a6c89da9df2e16bdfdf66fcd1.jpg"
	}
}