Cyber Incident Victim: Prefeitura de Porto Nacional
Date:
Jun 2025
Location:
Brazil
Summary
The municipal administration of Porto Nacional suffered a ransomware attack that disabled its internal file and geospatial mapping systems, leaving staff without internet access for several hours. Officials said the malware encrypted data and threatened to release personal information, but technicians confirmed no files were copied or exfiltrated. The city reported it holds about 20 terabytes of data, making large‑scale theft impractical, and noted that daily backups are being restored to resume normal operations. No leakage of citizen or administrative records occurred, and the jurisdiction has filed a police report to investigate the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of Monday, June 23, 2025, and continuing into the morning of Tuesday, June 24, 2025, the Prefeitura de Porto Nacional was targeted by a cyberattack. The attack involved a ransomware virus that encrypted internal files and the city’s geomapeamento systems. According to the municipal Secretariat of Technology, the ransomware aimed to demand a financial payment for the release of the encrypted data. The perpetrators also left a threat to disclose personal data, although they were unable to copy or store any files.
The ransomware infection caused the municipal internal systems to go offline, leaving all administrative sectors without internet access throughout the morning of June 24. The affected systems consisted of internal file storage and geographic mapping databases, which the municipality stated do not contain server or taxpayer data. The municipality reported that it maintains approximately 20 terabytes of data, a volume that would make exfiltration impractical for the attackers in the short term. Officials noted that a newly implemented daily backup system was already being used to restore the encrypted files, a process expected to take time due to the large data size.
Garibaldi Neto, the executive secretary of Technology, affirmed that the backup restoration was underway and that no leakage of contributor or electronic process data had occurred. The municipal Legal Prosecutor’s Office announced that a formal occurrence would be filed with the Civil Police to initiate an investigation and identify those responsible for the attack. The municipality committed to cooperating with law enforcement while continuing the recovery of its systems.