420GB of data stolen in ransomware attack on South American financial center Rio’s financial system

The financial system of the Brazilian state of Rio de Janeiro was attacked by LockBit ransomware, 420GB of data was stolen, and the data would be released immediately if the ransom was not paid;

·It is reported that this batch of data was stolen from the Sefaz-RJ system, accounting for about 0.05% of the total data storage of the state financial department;

· LockBit is one of the most popular ransomware-as-a-service platforms, with data showing that it has attacked at least 650 targeted organizations this year.

On April 22, the finance minister of the Brazilian state of Rio de Janeiro disclosed that the department is currently dealing with a ransomware attack on its systems.

The LockBit ransomware gang claimed responsibility for the incident. They hacked into the systems connected to government offices and stole about 420 GB of data. The gang also threatened to release the stolen data today (25th).

A spokesman for the Rio de Janeiro state finance minister said in a statement that they had contacted Brazil’s digital crime enforcement agency after discovering that cyber criminals had hacked systems and made threats.

The spokesperson pointed out, “In the threat issued last Thursday (21st), malicious hackers demanded a ransom payment or disclosed the data allegedly stolen from the Sefaz-RJ system. The stolen data accounts for about all the data of the state treasury department. 0.05% of storage.”

Rio de Janeiro is the second-largest city in Brazil, second only to Sao Paulo in GDP. It is also the headquarters of many state-owned enterprises such as Petrobras, Brazil’s National Electricity Company, Brazil’s Federal Savings Bank, the National Economic and Development Bank, and Brazil’s Vale.

As one of the financial centers of South America, Rio de Janeiro ranks 30th in GDP among all cities in the world. In 2021, the city exports goods worth $32.5 billion.

The Deputy Secretariat for Information and Communication Technology also pointed out in an interview with the media that they have offered to cooperate with the police to carry out the investigation.

The spokesperson also mentioned that “since 2020, the Deputy Secretariat has made strengthening data protection a priority. Thanks to this, this attack did not have a particularly serious follow-up impact.”

“This is evidence of the effectiveness of previous preventive actions.”

According to the ransomware tracking program maintained by threat intelligence firm Recorded Future, LockBit has become the second most active ransomware organization after the Conti gang this year. The data also shows that they have attacked at least 650 targeted organizations this year.

In August 2021, the Australian Cyber Security Centre (ACSC) issued an advisory warning that the number of LockBit ransomware attacks was surging.

The gang has remained operational since September 2019 but remained on the fringes until it later developed an entirely new platform version of LockBit 2.0 ransomware-as-a-service.

With the demise or exit of hacker gangs like Darkside, Avanddon, and Ravil, LockBit has become one of the most common ransomware-as-a-service platforms today.

In recent years, cyber-attacks and data breaches have become increasingly hot topics. Both businesses and organizations need to be vigilant and take advantage of backups for data protection. The original backup tools are no longer enough to meet the backup needs of enterprises.

Thus, virtual machine backups are born out of nowhere. Virtual machine backup can achieve maximum capacity backup at a low cost and is very easy to manage. On the same server, multiple virtual machines can be operated at the same time.