Brazil’s Health Ministry is experiencing extended downtime after experiencing two ransomware attack, one on 10th of December 2021 and 14th of December 2021. It is believed that these attacks are linked to an act of activism related to Covid-19 vaccination data and Brazil’s digital inoculation certificates. A group called Lapsus$ Group has claimed responsible for these attacks.
The first ransomware attack resulted in all websites of the Health Ministry being taken offline. The Lapsus$ Group then contacted the Health Ministry where they claimed credit for the attack and claimed that they extracted some 50 TB of data from the Covid-tracking program and subsequently deleted it from the agency’s servers. The Health Ministry later issued a statement stated that it had a backup of the stolen vaccination data.
The second attack seemed to have targeted many of the same systems that were attacked during the first attack. Although there seems that this attack did not result in in data but the ConecteSUS app used to track Covid treatments was taken offline.