Cyber Incident Victim: Prefeitura de Paranhos
Date: Feb 2025
Location: Brazil
Summary
The Prefeitura de Paranhos experienced a cyberattack compromising municipal systems including human resources, accounting, and tax platforms, accompanied by an extortion demand of R$12,000 to prevent sensitive data leaks. Attackers claimed to have planted compromising files in the network and threatened public disclosure unless paid, prompting authorities to file a police report citing violations of Brazilian Penal Code articles for extortion and unauthorized computer access. The municipal attorney's office attached evidence including criminal emails and stored files to support the investigation aimed at identifying perpetrators and mitigating damages.
Description
On February 19, 2025, the Municipal Administration of Paranhos filed a police report following the identification of a cyberattack that compromised critical municipal systems. Unauthorized access targeted three administrative platforms: SIP-Folha (Human Resources), SCPI (Accounting), and SIA (Taxation), disrupting core operational functions. The breach involved an extortion attempt, with perpetrators sending an email to the municipality demanding a payment of R$ 12,000 to prevent the public release of sensitive data. In the communication, attackers claimed to have implanted compromising files within the network and explicitly threatened disclosure if the ransom was not paid. This demand linked financial extortion to the potential exposure of municipal data, establishing a direct coercive motive. The incident was formally classified under Article 158 of the Brazilian Penal Code, which defines extortion as obtaining economic advantage through grave threats, and Article 154-A, addressing unauthorized access to computer devices. Municipal systems remained impaired following the intrusion, though the full operational impact was not quantified in the initial report.

The Municipal Procuradoria led the institutional response, submitting digital evidence to support a criminal investigation. Attachments to the police report included the extortion emails and files retrieved from a hard drive, providing forensic material for law enforcement. Authorities initiated procedures to identify the perpetrators and implement measures to mitigate damages from the attack, though specific technical containment actions were not detailed. No public confirmation was provided regarding data exfiltration or the presence of the alleged compromising files referenced in the threat. The case underscored dual criminal violations—financial extortion coupled with unauthorized system access—while highlighting vulnerabilities in municipal IT infrastructure. Legal proceedings focused on prosecuting under existing cybercrime statutes, with no immediate resolution or recovery timeline disclosed.
