Companies and public agencies that do not keep their systems up to date run an enormous risk of being breached: this is what happened to Companhia Docas do Ceará (CDC), administrator of Porto do Mucuripe, in Fortaleza, and to the municipality of Barrinha (SP). Both are operating manually because their data has been encrypted and will only be released upon payment in bitcoin.
The two attacks occurred on October 28. In the case of CDC, staff cannot access corporate e-mail or the Sisport Web administration system, which is used to control port operations such as ship loading and unloading and the issuing of receipts, among others.
For this reason, the port of Mucuripe has been using external e-mail accounts and manually controlling the entry and exit of cargo on trucks and ships. “What they did was encrypt our information,” Mayhara Chaves, CDC’s CEO, told the newspaper O Povo. The hackers are demanding a ransom paid in bitcoin in exchange for the encryption key.
In this case, it is not ransomware: the Twitter explains that hackers had remote access to CDC’s servers and encrypted all data, including the backup. The site was down for several days; it uses Microsoft’s IIS 7.0 platform, last updated in 2009. (IIS 10.0 has been available since 2016.)
Ransomware infected Barrinha (SP) systems
In Barrinha, in the interior of São Paulo, the administrative, accounting and financial systems of the municipal administration were hit by ransomware. “We can’t, we don’t get in and nothing comes out, everything is blocked, we can’t work,” said Mayor Maria Emilia Marcari (PTB) to G1.
All the data was encrypted, and the hacker demanded payment in bitcoin to release it, in an amount equivalent to R$ 7 thousand. The city called the ransomware that hit the server a “virus” (another type of malware), and revealed that it did not back up the data daily; from now on, the backup copy must be made every day at the end of the working day.
The salaries of the thousand civil servants in the city were delayed: they should have been paid on October 30th, but only reached their accounts on November 8th, after manual work by the Human Resources Secretariat.
Both the CDC and the Barrinha city government thought the attack would have a quick solution: both promised to normalize the situation by October 30. However, the data remains encrypted so far, with no expected date for regaining access to the systems. The Federal Police is investigating both cases.