Cyber Incident Victim: Prefeitura de Morretes
Date: Jul 2024
Location: Brazil
Summary
The Prefeitura de Morretes experienced a ransomware attack compromising its servers, leading to widespread data compromise and rendering municipal systems inaccessible. Following detection, the IT team implemented immediate containment measures, though preliminary assessments confirmed significant disruption to operational services across all departments. A police report was filed to initiate formal investigations while recovery efforts remain ongoing to restore functionality. Municipal services were suspended for an extended period due to the incident.
Description
On the weekend preceding July 27, 2024, the municipal servers of Prefeitura de Morretes suffered a cyberattack involving ransomware deployment. The attack compromised systems through a virus designed to encrypt data, though specific entry vectors or attacker identities remained unspecified in official communications. Municipal technology personnel confirmed the intrusion on July 27 and initiated immediate containment protocols to isolate affected infrastructure. Preliminary technical assessments indicated extensive data compromise across primary servers, rendering critical municipal systems inaccessible to administrative departments. This disruption halted digital operations across all municipal services, though physical office functions continued with manual workarounds where feasible. The ransomware’s execution prevented routine access to databases, applications, and communication platforms essential for daily governance tasks. No explicit ransom demands or communication channels with threat actors were disclosed in the public bulletin.

The operational paralysis prompted the issuance of Decree No. 1670 on August 2, 2024, formally suspending all digital municipal services until August 5 to facilitate forensic analysis and system restoration. This suspension affected citizen-facing services including licensing, payments, and records management, though emergency services maintained operations through alternative protocols. Authorities filed a police report (Boletim de Ocorrência) to initiate criminal investigations, though no law enforcement agency or specialized cybersecurity unit was named in the announcement. Municipal IT teams prioritized infrastructure isolation and damage assessment without detailing data recovery methods or potential backups. Restoration timelines remained undefined beyond the initial five-day service suspension period, with no public clarification on whether decryption keys were obtained or systems required rebuilding from scratch. The incident’s full scope regarding data exfiltration, financial impacts, or third-party breaches was not quantified in available statements.
