Lockbit attacks Sefaz-RJ

Incident Date:

April 22, 2022

World map



Lockbit attacks Sefaz-RJ






Rio de Janeiro, Brazil

, Brazil

First Reported

April 22, 2022

The Lockbit Ransomware Gang Attacks Sefaz-RJ

The Lockbit ransomware gang has attacked Sefaz-RJ. The Secretary of State for Finance of Rio de Janeiro confirmed that the organization is grappling with a ransomware attack on its systems. The LockBit ransomware group has claimed responsibility for targeting government office systems and has allegedly stolen approximately 420 GB of data. The group has threatened to release the stolen data on Monday.

In a statement to The Record, a spokesperson for the Secretary of State for Finance of Rio de Janeiro revealed that they have reached out to the law enforcement agency responsible for handling digital crimes in Brazil. This action was taken after the cybercriminal behind the breach issued threats against their systems. "The attacker demanded payment to prevent the disclosure of data purportedly stolen from Sefaz-RJ's systems. The amount of data in question represents only 0.05% of the Secretariat's stored data," stated the spokesperson.

Rio de Janeiro: A Financial Hub at Risk

Rio de Janeiro is the second-largest city in Brazil, following São Paulo, and serves as the headquarters for various state-owned companies, including Petrobras, Eletrobras, Caixa Econômica Federal, National Economic and Social Development Bank, and Vale. Renowned as one of the financial centers of South America, the city ranks 30th in terms of GDP among all cities worldwide. In 2021, Rio de Janeiro exported goods valued at $32.5 billion.

Response and Measures Taken

The Undersecretariat for Information and Communication Technology (SUBTIC) informed The Record that they had offered their assistance to the police in conducting the investigation. "Since 2020, SUBTIC has been prioritizing the enhancement of information security, which is evident in the limited impact of this attack. The effectiveness of the measures we have implemented has contributed to this outcome," added the spokesperson.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.