Cyber Incident Victim: Biblioteca Nacional

On or around April 11, 2021, the website of Brazil's Biblioteca Nacional (National Library) suffered a ransomware attack that forced administrators to take the systems offline. The institution, linked to the Special Secretariat for Culture, proactively shut down its servers following the initial intrusion to mitigate potential damage and prevent further unauthorized access. This immediate containment action aimed to isolate compromised infrastructure and protect sensitive data. However, when technical staff reactivated the website on April 13, 2021, the systems experienced a second ransomware attack, indicating either incomplete remediation of the initial compromise or a new intrusion vector. The repeated incidents caused extended service disruption, leaving the library's online resources inaccessible to the public for multiple days.

The Biblioteca Nacional publicly acknowledged the cybersecurity incident via Twitter on April 15, 2021, confirming technical problems first reported on April 12 (the Monday following the initial Sunday attack). Their statement clarified that technical teams identified the attacks and deliberately took servers offline as a protective measure, with plans to restore services only after achieving "total security." The institution formally notified Brazil's Office of Institutional Security of the Presidency of the Republic to investigate the breaches, engaging national-level cybersecurity authorities. No technical details regarding the ransomware variant, data exfiltration claims, threat actor group, or ransom demands were disclosed publicly. The attacks disrupted access to digital collections and research portals managed by the federally administered cultural institution.