Vice Society attacks Federal University of São Paulo

Incident Date:

March 28, 2022

World map



Vice Society attacks Federal University of São Paulo


Federal University of São Paulo




São Paulo, Brazil

, Brazil

First Reported

March 28, 2022

Ransomware Attack on Federal University of Sao Paulo Hospital

The Vice Society ransomware gang has attacked the Federal University of Sao Paulo. Hackers infected the hospital's computers with ransomware, blocking user access and demanding payment to regain control. According to Walter Cintra Ferreira, the hospital's director, the attack occurred on Wednesday, March 22nd. Since then, the hospital has been limited to providing urgent and emergency care only.

Efforts to Regain Control

To regain access to the computers, the hospital is reformatting 600 machines. So far, no reports of patient data being compromised have been reported. All hospital systems were affected, and the process of reformatting the machines was slow. According to Ferreira, the hospital is prioritizing areas that require immediate attention, but there is no definite timeline for when the situation will be fully resolved.

Recovery and Investigation

Instead of paying the ransom, the hospital is working on recovering data from backups of the affected computers. However, it's uncertain whether everything will be successfully restored at this point, as stated by the director. If an investigation into the incident reveals that Vice Society stole personal data, the hospital will release an official statement, Cintra Ferreira assures.

Impact on Services

Apart from providing free emergency services to the population of São Paulo, the University Hospital also conducts medical tests and consultations for USP students, professors, and employees. It has a total of 180 beds for inpatient care.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.