Cyber Incident Victim: Tribunal de Justiça de São Paulo

The WannaCry ransomware attack on May 12, 2017, disrupted operations at multiple Brazilian institutions including the Justice Court of São Paulo (Tribunal de Justiça de São Paulo), part of a global incident affecting at least 99 countries. Initial attacks surfaced in Spain before spreading rapidly, with Russia reporting approximately 1,000 compromised computers despite government systems remaining unaffected. Sixteen UK healthcare facilities canceled appointments and diverted ambulances, forcing medical staff to revert to paper records, while Hollywood Presbyterian Medical Center paid a $17,000 ransom for decryption keys. In Brazil, the Justice Court of São Paulo joined other major entities—including Telefônica/Vivo’s Brazilian headquarters, Petrobras, the São Paulo Regional Labor Court (TRT-SP), and the São Paulo State Prosecutor’s Office—in proactively taking their websites offline to contain the threat. By 22:45 local time that evening, all affected Brazilian websites had been restored.

The incident caused widespread operational disruptions among Brazilian public and private sector organizations. Alongside the Justice Court of São Paulo, the TRT-SP and State Prosecutor’s Office implemented emergency measures by temporarily removing public-facing digital services. Federal IT provider Serpro activated contingency plans despite no confirmed breaches within its government-servicing infrastructure. Global cybersecurity firm Avast documented over 57,000 attack samples during the outbreak. No ransomware payments by Brazilian victims were reported, contrasting with the Hollywood hospital’s transaction. The coordinated takedown of web assets by multiple São Paulo judicial institutions demonstrated a containment-focused response to the unprecedented ransomware campaign.