
Cyber Incident Victim: Prefeitura de Pirajuí

Date: Oct 2024

Location: Brazil

Summary

Hackers compromised the municipal systems of Prefeitura de Pirajuí, encrypting files and disrupting public-facing services and internal operations across critical departments including Finance, Health, Education, and utilities. The attackers demanded over R$5 million for decryption, though a recent physical and digital backup prevented data loss. Technical support restored systems within two days, mitigating prolonged operational impacts.


Description

On October 30, 2024, at approximately 14:00 local time, employees at the Prefeitura Municipal de Pirajuí in São Paulo state reported system failures across municipal operations. A representative from the municipality immediately investigated the central server, which was managed by a third-party company, and confirmed the infrastructure had been compromised by a cyberattack. Attackers encrypted all files on municipal systems, rendering them inaccessible, and disrupted both internal administrative functions and public-facing online services. The intrusion affected critical departments including Finances, Purchasing, Human Resources, Health Secretariat, Education Secretariat, Fundação Educacional 29 de Março, and the autonomous water and sewage utility (SAAE). Criminals established communication with the municipality, delivering decryption instructions alongside a ransom demand exceeding R$5 million (approximately USD $900,000). The attack paralyzed routine operations, preventing access to essential records and disrupting public service delivery channels.

The Prefeitura confirmed in an official statement that comprehensive physical and digital backups had been executed minutes before the attack commenced, ensuring no permanent data loss occurred despite the encryption. Technical support teams worked to restore systems following the incident, successfully reinstating functionality by the morning of November 1, 2024—approximately 44 hours after initial detection. Municipal authorities did not disclose whether ransom negotiations occurred or if any payment was made to the attackers. Service restoration prioritized reestablishing public access points while internal administrative systems underwent phased recovery. The incident report filed with law enforcement documented the intrusion timeline, financial demand, and scope of compromised infrastructure but did not identify specific threat actors or attack vectors utilized in the breach.
