Cyber Incident Victim: Ministério das Relações Exteriores do Brasil
Date:
May 2017
Location:
Brazil
Summary
A ransomware attack disrupted multiple Brazilian government systems, including the Foreign Ministry, state oil company Petrobras, and the social security agency, prompting precautionary computer disconnections and cancellation of public services. Court systems and prosecutors in São Paulo were also affected, though intelligence archives reportedly remained secure. The incident occurred amid a global cyberextortion campaign exploiting vulnerabilities in outdated Windows software, impacting hospitals, factories, and infrastructure worldwide. While Brazilian authorities contained the incident without data compromise, the attack highlighted systemic risks to organizations relying on unpatched systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The global ransomware cyberattack that emerged on May 12, 2017, significantly impacted Brazil's government infrastructure, including the Foreign Ministry, state-owned oil company Petrobras, and the national social security system. These entities were forced to disconnect computers as a precautionary measure, disrupting operations. Brazil's social security system canceled public access to its services following the infection. Judicial systems in approximately a dozen Brazilian courts and prosecutors' offices in São Paulo were also compromised. The office overseeing Brazil's National Intelligence Agency confirmed no evidence of compromised government archives but did not specify the full extent of data exposure or operational downtime. The attack’s propagation within Brazil mirrored the broader international pattern of exploiting unpatched Windows systems, though the initial infection vector within Brazilian agencies was not detailed in available reports.
This incident formed part of a coordinated global ransomware campaign identified as "WannaCry," which leveraged a Windows vulnerability allegedly developed by the U.S. National Security Agency and later leaked. The malware encrypted files on infected systems, demanding ransom payments for decryption. Microsoft had released a patch for the vulnerability in March 2017, but many organizations, including Brazil’s affected entities, had not applied the update. The attack’s spread was partially mitigated when a cybersecurity researcher in Britain inadvertently activated a "kill switch" by registering a dormant domain embedded in the malware. Despite this intervention, Europol described the attack as unprecedented in scale, affecting over 74 countries and crippling critical infrastructure worldwide, including UK hospitals, Renault manufacturing plants, and Deutsche Bahn’s display systems. Microsoft responded by releasing free security updates for outdated operating systems like Windows XP, which were no longer routinely supported. Brazil’s incident response focused on containment through network disconnections, though restoration timelines and financial losses were not publicly disclosed. The attack underscored systemic vulnerabilities in legacy IT infrastructure across public and private sectors globally.