Cyber Incident Victim: Instituto Federal do Pará
Date: Jan 2023
Location: Brazil
Summary
The Instituto Federal do Pará (IFPA), a Brazilian public education institution, was targeted in a ransomware attack claimed by the BlackCat group, which threatened to publish and sell employee and student data after alleging that its ransom demands had been ignored. As proof, the group provided screenshots of directory folders suggesting personal data exposure, though no actual file contents were visible. The institution did not publicly acknowledge the incident or respond to inquiries, and the threat actors gave an unclear answer when asked about ransom communications.
Description
On January 21, 2023, the Instituto Federal do Pará (IFPA), a public education institution in Brazil, was listed on the AlphV (BlackCat) ransomware group’s data leak site. BlackCat claimed responsibility for a cyberattack against the institution, alleging that IFPA had ignored their ransom demands. The group threatened to publish and sell employee and student data unless their demands were met. As proof of compromise, BlackCat posted a proof pack containing screenshots of directory folders, though no actual file contents were visible in the images. Folder names visible in the screenshots suggested they might correspond to individuals, potentially students or staff. The group disclosed no additional technical details about the attack vector, data exfiltration volume, or specific ransom demands.

IFPA did not publicly acknowledge the incident through official channels following BlackCat’s claims. External inquiries sent via email to the institution regarding the attack received no response, and no incident notifications appeared on IFPA’s website or social media platforms as of the reporting date. BlackCat’s representative provided inconsistent information when questioned directly about ransom communications; their administrative contact responded “I don’t know” when asked via Tox whether any ransom demand had been sent to IFPA. The absence of confirmed data disclosures beyond the folder screenshots left the full scope of potential data exposure unverified. Operational disruptions to IFPA’s systems or academic activities were not reported in available sources. The incident remained unresolved in public reporting as of January 22, with no subsequent updates from either IFPA or BlackCat regarding data publication, payment negotiations, or recovery efforts.
