{
	"id": "d827af59-f6ca-4e34-9dc6-6e5da13182a5",
	"created_at": "2026-04-06T00:11:31.507275Z",
	"updated_at": "2026-04-10T03:21:32.62678Z",
	"deleted_at": null,
	"sha1_hash": "d6b78ee02b65811325f099e1df921390e2c2ed96",
	"title": "Brazil's court system under massive RansomExx ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1371932,
	"plain_text": "Brazil's court system under massive RansomExx ransomware attack\r\nBy Sergiu Gatlan\r\nPublished: 2020-11-05 · Archived: 2026-04-05 22:03:44 UTC\r\nBrazil's Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking\r\nplace over video conference.\r\n\"The Superior Court of Justice (STJ) announces that the court's information technology network suffered a hacker attack on\r\nTuesday (3), during the afternoon, when the six group classes' judgment sessions took place,\" STJ President Humberto\r\nMartins said in an official statement on the Supreme Federal Court's website.\r\n\"The Secretariat for Information and Communication Technology (STI) is working on systems recovery to restore all court\r\nservices as quickly as possible.\"\r\nhttps://www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/\r\nBrazilian journalist Mateus Nunes has told BleepingComputer that the websites of multiple other Brazilian federal\r\ngovernment agencies are also currently offline.\r\nHowever, it is not yet known if they were attacked by the same threat actors or if they are hosted on the same site as the\r\ncourts.\r\nSystems offline two days later\r\nThe systems of the Superior Tribunal de Justiça (aka STJ) were shut down to stop the spread throughout the court's network,\r\nbut not before all case files and backups were encrypted, according to STJ IT specialists.\r\nTwo days after the ransomware attack took place, the Superior Court of Justice website and systems remain offline until all\r\nsystems are fully restored.\r\n\"A Domain Admin account was exploited which allowed the hacker to have access to our servers, to enter into\r\nadministration groups of the virtual environment 
and, finally, encrypt a good part of our virtual machines,\" one of the IT\r\ntechnicians told O Bastidor.\r\nSTJ \"will operate on duty until next Monday,\" November 9, and all judgment sessions, virtual and/or by video conference,\r\nwill be either suspended or canceled until the court network's security is restored.\r\nThe court's IT department also advised all users, including judges, interns, and outsourced workers, not to use any computers\r\n(personal ones included) if they were or are still connected to the court's network.\r\n\"According to the resolution, administrative, civil and criminal procedural deadlines are suspended from the 3rd to the 9th of\r\nNovember (inclusive), returning to flow on the 10th,\" a statement on the court's website said.\r\n\"For the purpose of counting the term in criminal proceedings, the suspension period will be considered a reason of force\r\nmajeure, according to the provision of paragraph 4 of article 798 of the Code of Criminal Procedure (CPP). 
Also according\r\nto the resolution, the measures can be reviewed at any time, depending on the result of efforts to normalize the systems.\"\r\nRansomExx behind the attack\r\nWhile the official STJ statements do not mention the ransomware gang responsible for this attack, a ransom note recovered\r\nfrom one of the encrypted computers shows that the RansomExx gang was behind it.\r\nRansomExx sent BleepingComputer the following message when contacted for more details regarding the attack:\r\nHello,\r\nIgnore this message if you aren't officially represent whole affected company.\r\nSend us any encrypted file (not greater than 1MB) for test decryption.\r\nThen we will send you detailed instructions.\r\nThis step is necessary because we don't share such information for anyone except authorized persons.\r\nSpeak english.\r\nAccording to an anonymous source, Pernambuco State Court of Justice (Tribunal de Justiça do Estado de Pernambuco —\r\nTJPE) systems were also hit by RansomExx on October 27, with their files being encrypted using the .tjpe911 extension.\r\nRansomExx is a rebranded Defray777 ransomware version that became a lot more active during June 2020 and is known for\r\nattacking high-profile organizations.\r\nSTJ ransom note\r\nThe Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, and Tyler Technologies are among the\r\ngang's previous victims.\r\nDuring their attacks, RansomExx's operators compromise the victims' networks and steal unencrypted sensitive documents\r\nwhile spreading laterally to other systems.\r\nOnce the RansomExx operators successfully compromise the victims' Windows domain controller, they deploy the\r\nransomware payloads on all available network devices.\r\nThis is a developing story ...\r\nH/T Altieres\r\nSource: https://www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/brazils-court-system-under-massive-ransomexx-ransomware-attack/"
	],
	"report_names": [
		"brazils-court-system-under-massive-ransomexx-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434291,
	"ts_updated_at": 1775791292,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d6b78ee02b65811325f099e1df921390e2c2ed96.pdf",
		"text": "https://archive.orkl.eu/d6b78ee02b65811325f099e1df921390e2c2ed96.txt",
		"img": "https://archive.orkl.eu/d6b78ee02b65811325f099e1df921390e2c2ed96.jpg"
	}
}