Cyber Incident Victim: Telefônica Brasil S.A.
Date:
May 2017
Location:
Brazil
Summary
A widespread ransomware attack impacted numerous organizations globally, including the Brazilian headquarters of Telefônica/Vivo alongside other Brazilian entities such as Petrobras, São Paulo courts, and the State Public Prosecutor's Office, prompting temporary website takedowns. The incident disrupted critical infrastructure internationally, notably paralyzing UK healthcare facilities that canceled appointments and reverted to manual operations, while some victims paid ransoms to restore encrypted data. Russian systems were heavily affected, though key government networks reportedly avoided compromise. Federal IT services in Brazil activated contingency plans but reported no direct breaches during the attack's peak.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The WannaCry ransomware attack, first detected in Spain on May 12, 2017, rapidly escalated into a global cybersecurity incident affecting approximately 99 countries within hours. Russia experienced widespread disruptions, with approximately 1,000 compromised computers reported by its Interior Ministry, though critical government systems remained unaffected. The United Kingdom faced severe operational impacts, particularly in healthcare, where 16 hospitals and clinics canceled appointments, diverted ambulances, and reverted to manual record-keeping. Hollywood Presbyterian Medical Center in the U.S. paid a $17,000 ransom to regain access to encrypted data. Cybersecurity firm Avast documented over 57,000 attack instances globally by the evening of May 12, underscoring the worm's rapid propagation through vulnerable Windows systems.
In Brazil, multiple high-profile organizations were compromised, including Telefônica/Vivo's São Paulo headquarters, Petrobras, São Paulo's State Court of Justice, Regional Labor Court, and State Public Ministry. These entities responded by taking their websites offline to contain the infection. Federal IT provider Serpro activated contingency plans despite reporting no direct breaches. By 22:45 local time on May 12, affected Brazilian organizations had restored online services. The coordinated takedown and rapid recovery highlighted the incident's acute but contained impact within Brazil compared to prolonged disruptions seen in other regions.