Cyber Incident Victim: Banco de Brasília

On October 3, 2022, ransomware compromised systems at the Bank of Brasilia, a Brazilian government-controlled financial institution. Attackers demanded 50 Bitcoin (BTC) as payment to prevent the public release of customer data. A hacker using the alias "Crydat" contacted Brazilian news outlet Tecmundo to issue the ransom ultimatum, specifying a deadline of October 6 at 15:00 local time for payment of 5.2 million Brazilian reais (equivalent to approximately 50 BTC at the time). The bank did not publicly confirm operational disruptions or specify which systems or data repositories were affected by the attack. No technical details about the ransomware variant, initial attack vector, or data exfiltration methods were disclosed in available reports.

The Bank of Brasilia maintained public silence regarding the attackers' demands and did not release statements about mitigation efforts or potential negotiations. Brazil's Special Police Department for the Suppression of Cybercrime, a division of the Federal Police, initiated an investigation into the incident. Media coverage highlighted concerns about potential exposure of customer financial data but contained no verified reports of actual data leaks occurring before the payment deadline. The incident marked one of the first major ransomware attacks against a Brazilian government-affiliated bank publicly reported in 2022. Authorities did not disclose whether the October 6 deadline passed with or without payment, and no subsequent data dumps were attributed to this incident in immediate follow-up reporting.