PF conducts operation against suspected hacker at the Ministry of Health in 2021

The Federal Police (PF) carried out, this Tuesday (16), an operation against suspects believed to have carried out cyber attacks against federal government websites at the end of 2021.

In total, as part of “Operation Dark Cloud”, police officers executed eight search and seizure warrants divided between the states of Paraíba, Minas Gerais, Paraná and Santa Catarina.

“During the investigation, it was discovered that these attacks were carried out by a transnational criminal organization dedicated to the practice of crimes of this nature, targeting public and private entities in Brazil, the United States, Portugal and Colombia,” the PF said in a statement.

Among the hackers' targets last year, the Ministry of Health website was taken offline along with other portals of the ministry, such as “Portal Covid” and “ConecteSUS”, which is used as proof of vaccination against Covid-19.

The police investigation that led to this Tuesday’s operation was launched on the day of the attack on the Ministry of Health, on December 10, 2021. “The invaders deleted files, data and instances from the attacked folder”, added the PF.

In addition to the attacks on the Ministry of Health, the group improperly accessed the virtual environments of other agencies. See the list below.

Other agencies attacked by the hackers:

  • Comptroller General of the Union
  • Ministry of Economy
  • Federal Institute of Paraná
  • National Water and Sanitation Agency
  • National School of Public Administration
  • National Land Transport Agency
  • Rio de Janeiro Botanical Garden Research Institute
  • National Electric Energy Agency
  • Complementary Pension Fund for the Federal Public Servant
  • Federal Highway Police

According to the PF, the suspects are accused of the crimes of criminal organization, invasion of a computer device, interruption or disturbance of telegraph, radiotelegraph or telephone service, preventing or hindering its restoration, in addition to the crimes of corruption of minors and money laundering.

Hacker attack against Ministry of Health

In the early hours of December 10 of last year, the Ministry of Health website (www.saude.gov.br) was hacked.

All portals of the ministry, such as “ConecteSUS” and “Portal Covid”, were also affected and cannot be accessed.

The Lapsus$ Group, which claims responsibility for the cyberattack, stated in a message that 50 terabytes of information were removed from the system and are in the group’s possession. “Contact us if you want the data returned”, says the message on the website.

The portal suffered a “ransomware” attack, a type of hacker attack characterized by the paralysis of the system followed by a ransom demand for its release. Faced with this situation, affected companies and agencies must make the difficult decision of whether or not to pay the hackers to end the outage.

AIG, one of the world’s largest insurers, says it has seen a 150% increase in ransom and extortion claims between 2018 and 2020. Ransom claims now account for one in five cyber insurance claims, the company added.

The attack happened around 1 am. About two hours later, the message went offline and the site remained unavailable for access.

Also on the 10th, the Ministry of Health called the Institutional Security Office and the Federal Police to investigate what had happened.

According to the Ministry, the incident “temporarily compromised some systems in the folder”, citing systems such as “e-SUS Notifica, National Immunization Program Information System (SI-PNI), ConecteSUS and features such as the issuance of the National Covid-19 Vaccination Certificate and the National Digital Vaccination Card”.

Understand what ransomware is

Ransomware, the type of hacker attack suffered by the Ministry of Health website, is like a “data hijacking”, according to Luiz Fernando Prado, a partner at the Prado Vidigal Advogados law firm specializing in data protection.

In an interview with CNN Radio, he stated that ransomware, the kind of attack carried out against the ministry's systems, “has been very common”.

Ransomware basically happens when a server is infected and the program blocks access to its data. “If I am a user of the system, I enter the computer and I can no longer access it, [the data] will be with password, encryption.”

Luiz Fernando also gave an example of how ransomware occurs: “The attacker gets internal access, for example, when sending an email to the organization, someone clicks, opens a suspicious file, and the malicious agent finds data and blocks the information.”

In these cases, according to the expert, attackers usually ask for ransom to release access. “Usually by cryptocurrencies to make tracking difficult, if the organization is not well prepared, it is in doubt whether to pay or not.”

“Our recommendation is not to pay, because we cannot encourage this type of gang, condone crime, and there is no guarantee that he will return the data”, he added.

The expert points out that it is possible to restore order, but that depends on how the “Ministry of Health was prepared”: “In most cases, data rescue takes place, the point of greatest concern is that it is potentially sensitive data, we need to be aware whether or not our data was affected.”

Another concern is with possible copying of information by hackers. “Backup is one of the risks, even with the data restored, to eventually commercialize the copied information.”

“There are measures to mitigate the damage, such as backup on another server, in which access and service can be restored quickly, what happens is that organizations are not yet prepared to deal with this type of attack, we have cases with days and weeks of instability”, he noted.

Source: CNN Brasil