The systems of the Rio Grande do Sul Court of Justice (TJRS) have been under attack by ransomware – a type of virus that hijacks the system and usually demands a ransom in bitcoin – since the early hours of Wednesday (28).
Because of the attack, websites, e-mail, files stored on servers and other systems of the Rio Grande do Sul judiciary were affected, which disrupted the judges' routine and led to the suspension of hearings.
The State Civil Police is investigating the case. In an interview with Rádio Gaúcha this Friday afternoon (30), delegate André Anicet, from the Police Crimes Enforcement Office (DRCI), said that he is working with TJRS technicians to find out what happened.
“We are still investigating. Any computer could be the cause of the attack. A virus on a public server machine, for example, could open a breach for the criminal to access the court system,” he said.
According to the delegate, this type of attack – more common in private companies that do not protect their databases – is complex to investigate, as criminals use mechanisms and tools that mask the origin, such as VPNs and the Tor browser, which facilitates anonymity.
“But every virtual crime leaves traces, like registered IP and date and time. So it is possible to reach a criminal, although the path is difficult. No hypothesis has been ruled out,” he said.
According to the newspaper Zero Hora, the court's systems have displayed messages asking for payment of a ransom for the information in bitcoins, which is common in this type of attack.
When consulted, the advisory office of the court's presidency did not confirm the information. It said only that the TJRS computers are not being used, as determined by the IT team. According to the office, no ransom request had been made until then.
The Civil Police also did not confirm whether there was a request for cryptocurrencies. In the interview with Rádio Gaúcha, the delegate said only that random messages were being displayed.
According to notes published by the TJRS on its official Facebook page, the court's technicians have already managed to recover some systems.
SEI, a document and process management tool, and Eproc, which allows electronic petitioning, have already been reestablished. Internal employee programs, such as webmail, are also working again.
Remote access, use of workstations within the network and telephone assistance, however, are not yet fully operational.