
Cyber Incident Victim: Judicial Power of Quintana Roo

Date: Aug 2022

Location: Mexico

Summary

The Judicial Power of Quintana Roo experienced a ransomware attack that disrupted email services for the Superior Court of Justice, rendering systems inoperable for multiple days. The judicial authority confirmed the incident and advised employees to avoid opening emails from its domain or unsolicited attachments to mitigate further risks. While operational impacts were primarily limited to email communication disruptions, the attack underscored vulnerabilities within the institution's digital infrastructure.


Description

On or around August 9, 2022, the Judicial Power of Quintana Roo in Mexico reported a ransomware attack that disrupted email services for the Superior Court of Justice. The incident began on Tuesday of that week, rendering the court's email system inoperable. Judicial authorities publicly confirmed the cyberattack and characterized it as a ransomware incident, though no specific ransomware variant or attacker group was identified in available reports. The attack's primary observable impact was the sustained loss of email functionality, affecting court operations dependent on electronic communications. No additional compromised systems or data exfiltration claims were disclosed in the immediate public reporting. The incident coincided with unrelated law enforcement actions against financial crimes in Cancun, including the arrest of an individual accused of ATM skimming, though no connection between these events was indicated.


The Judicial Power of Quintana Roo issued direct guidance to employees following the attack, instructing staff to avoid opening emails originating from the domain tsj[dot]qroo or any unsolicited email attachments. This advisory suggested initial suspicions that the attack vector involved phishing or malicious email payloads leveraging the organization's own domain. Public statements focused on operational disruptions rather than data compromise, with no reference to ransom demands, payment, or data recovery processes. Restoration timelines and technical remediation steps were not detailed in the reported announcements. The organization maintained public confirmation of the ransomware incident but did not disclose forensic findings regarding the attack's origin, scope beyond email systems, or full restoration status within the available reporting period.
