Cyber Incident Victim: Tribunal de Justicia de Quintana Roo
Date:
Aug 2022
Location:
Mexico
Summary
A ransomware attack targeted the Tribunal de Justicia de Quintana Roo, disrupting judicial operations and prompting the indefinite suspension of scheduled hearings, particularly in penal matters. The incident forced the judicial institution to cancel proceedings and advise staff against opening emails to prevent further malware spread. Internal communications relayed updates to affected parties, including legal advisors and prosecutors, while no official public statement was issued by the judiciary. The attack occurred shortly before a leadership transition within the tribunal, exacerbating operational challenges. System failures initially attributed to technical issues were later confirmed as part of the cyber intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 9, 2022, the Tribunal de Justicia del Estado de Quintana Roo (TJQROO) experienced a ransomware attack that disrupted judicial operations. The attack was detected in the morning, leading to the immediate suspension of all scheduled court hearings, particularly affecting penal proceedings. Initially, authorities attributed the disruption to a generic "system failure," but as the day progressed, IT personnel confirmed it was a ransomware incident. Staff received instructions to avoid opening any email links to prevent further propagation of the malware across the Judicial Power’s network. The suspension of hearings transitioned from temporary to permanent as system assessments continued, with no immediate restoration timeline provided.
The attack forced the indefinite postponement of all affected hearings, requiring notifications to victims, public prosecutors, and legal advisors about rescheduling. No official public statement was issued by the Judicial Power of Quintana Roo during the incident, leaving workers and involved parties as the primary sources of information. The disruption occurred less than one month before Magistrate Heyden Cebada Rivas was scheduled to assume leadership of the tribunal. Operational impacts were confined to hearing cancellations and email security precautions, with no disclosed details about data compromise, ransom demands, or recovery methods. The incident highlighted vulnerabilities in the tribunal’s cybersecurity posture during a transitional administrative period.