Cyber Incident Victim: Prefeitura de Chapadão do Sul

In May 2025 the municipal technology environment of Prefeitura de Chapadão do Sul was subjected to a cyberattack that involved the encryption of data. The attack caused the paralysis of critical systems and the unavailability of institutional information, affecting strategic areas such as health, tax collection, finances, social assistance, personnel management and other administrative activities. Because the municipality wished to prevent further exploitation of vulnerabilities, it did not disclose technical details of the incident immediately after it occurred. During the period of instability the administration reported that a ransom demand of 1.5 million dollars was made and that the municipal government refused to pay the extortion amount. The decision to reject the payment was presented as a measure to preserve public funds and uphold ethical and responsible management of municipal resources.

Following the attack the municipality registered a police report with both the Civil Police and the Federal Police and instituted an internal administrative procedure to investigate the facts and assign responsibility. A specialized company was contracted to analyze the encrypted data and attempt recovery, while the affected machines were preserved as evidence for the investigation. The administration acquired a new physical server with greater capacity and enhanced security to support the restoration effort. Based on Decree nº 4.057/2025 and other administrative actions, the prefeitura issued a new series of tax invoices to enable the resumption of NFS‑e provision, created a provisional database to allow emergency registration of local companies, and granted provisional release of negative debt certificates to maintain business and administrative continuity. Additionally, the municipality began issuing operating licenses to avoid harm to new enterprises and provided guidance to taxpayers through telephone, WhatsApp and email channels, together with special in‑person assistance aimed at minimizing impacts on the population. The digital infrastructure was rebuilt with reinforced cybersecurity, decentralized access controls and the adoption of new IT governance practices.

After three weeks of technical work the prefeitura announced that all essential public services had been securely restored, including the online issuance of guides, the electronic tax invoice system and other municipal services, with the partnership of specialized companies allowing the recovery of 100 % of the data. Some services, such as the issuance of ITBI guides and specific taxes, could still present instability, with full normalization expected in the coming days. The new digital infrastructure now operates with elevated security standards, incorporating external backup, intrusion barriers and modern protection systems against threats. To assist users the municipality made available the telephone numbers (67) 3562‑5620 for the Citizen Assistance Center and (67) 3562‑5671 for the Tax Auditing Department, and advised that any inconsistencies in data should be reported to those offices. It also noted that password access errors could occur after the data migration and that users should seek help from the Tax Auditing Department, requesting password recovery through the protocol 1 doc system. The administration reiterated its commitment to transparency, public responsibility and modernization of services, stating that it had acted with agility, seriousness and a focus on protecting data and the interests of the local population.