Qilin Ransomware Hits Jaboatão dos Guararapes Prefeitura, 500GB Data Stolen

Incident Date: August 16, 2024

Overview

Victim: Prefeitura do Jaboatão dos Guararapes

Attacker: Qilin

Location: Jaboatão dos Guararapes, Brazil

First Reported: August 16, 2024

Ransomware Attack on Prefeitura do Jaboatão dos Guararapes by Qilin Group

The Prefeitura do Jaboatão dos Guararapes, the municipal government for the city of Jaboatão dos Guararapes in Pernambuco, Brazil, has been targeted by the Qilin ransomware group. This attack has significant implications for the city's public administration and services.

Overview of the Victim

The Prefeitura do Jaboatão dos Guararapes serves a population of approximately 665,387 residents. The municipal government is responsible for a wide range of public services, including education, healthcare, infrastructure, and social services. The Prefeitura manages public schools, hospitals, and urban planning projects, aiming to improve the quality of life for its residents. Recent initiatives include hiring teachers through public competitions and expanding public transportation options.

Details of the Attack

The ransomware attack occurred in the early hours of July 10, causing significant disruptions to virtual services such as CadÚnico scheduling, De Olho na Consulta, and the official municipal website. Initially described as an international attack, it remained unclaimed until July 16, when the Qilin ransomware group posted details on their dark web leak site, confirming their involvement. The cybercriminals claim to have exfiltrated 500 GB of sensitive data, threatening to release it if their demands are not met.

About the Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. First appearing in October 2022, Qilin has targeted various sectors, including healthcare, automotive, and government agencies. The group employs advanced tactics such as data exfiltration and double extortion to pressure victims into paying ransoms. Qilin's adaptability and cross-platform capabilities make it a formidable threat in the cybersecurity landscape.

Potential Vulnerabilities

The Prefeitura do Jaboatão dos Guararapes, like many municipal governments, may have vulnerabilities that make it an attractive target for ransomware groups. These can include outdated security patches, insufficient network segmentation, and inadequate employee security awareness. The extensive range of services managed by the Prefeitura, from healthcare to education, increases the potential attack surface, making comprehensive cybersecurity measures essential.

Penetration Methods

While the exact method of penetration in this case is not publicly detailed, Qilin typically gains initial access through phishing attacks, exploitation of unpatched vulnerabilities, and weak passwords. Once inside, the group deploys ransomware to encrypt data and exfiltrates sensitive information, using it as leverage for its extortion demands.
