{"id":50341,"date":"2024-01-26T05:02:22","date_gmt":"2024-01-26T10:02:22","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=50341"},"modified":"2024-01-26T05:02:22","modified_gmt":"2024-01-26T10:02:22","slug":"brazil-ransomware-fundacao-casa","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/brazil-ransomware-fundacao-casa\/50341\/","title":{"rendered":"The day ransomware nearly stole thousands of young people&#8217;s data in S\u00e3o Paulo"},"content":{"rendered":"<p>There\u2019s an awesome purpose behind S\u00e3o Paulo, Brazil\u2019s 121 youth justice centers, <a href=\"https:\/\/fundacaocasa.sp.gov.br\/\" target=\"_blank\" rel=\"noopener nofollow\">Funda\u00e7\u00e3o CASA<\/a>: Every day, they work with teenagers who have committed offenses and been given a court-ordered chance to learn to change their ways.<\/p>\n<p>But with 5,000 teenagers accessing a network of some 10,000 devices, Funda\u00e7\u00e3o CASA\u2019s information security and cybernetics team must manage a tinderbox of cybersecurity risk daily.<\/p>\n<p><em>24 hours to escape a ransomware attack<\/em> is the latest film in <a href=\"https:\/\/www.youtube.com\/c\/TomorrowUnlocked\" target=\"_blank\" rel=\"noopener nofollow\">Tomorrow <\/a><a href=\"https:\/\/www.youtube.com\/c\/TomorrowUnlocked\" target=\"_blank\" rel=\"noopener nofollow\">Unlocked<\/a>\u2018s hacker:HUNTER Behind the Screens series. Funda\u00e7\u00e3o CASA\u2019s cybercrime fighters tell how they foiled a ransomware attack in a day, successfully safeguarding their young clients\u2019 personal data. There\u2019s much any organization or business can learn from their winning formula.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/2Tza58RLQ6g?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h2>Young people sentenced to learning<\/h2>\n<p>When young people commit a criminal offense in S\u00e3o Paulo, the courts may sentence them to rehabilitation through learning how to escape criminal behavior patterns. That\u2019s where Funda\u00e7\u00e3o CASA comes in: They deliver that education on behalf of the Department of Justice and Citizenship.<\/p>\n<p>Meanwhile, the private data of the 5,000 teens who attend one of Funda\u00e7\u00e3o CASA\u2019s 121 centers must be kept secure.<\/p>\n<p>Julio Signorini has worked for Funda\u00e7\u00e3o CASA for over 20 years. He says, \u201cAs they\u2019re taught by the state, the teens\u2019 data comes under the Child and Adolescent Statute (ECA.) There\u2019s always a risk their data may be leaked.\u201d<\/p>\n<h2>What is ransomware?<\/h2>\n<p>There are many ways the young people\u2019s data could be leaked, including deliberate cyberattacks. Julio says, \u201cA constant threat for us is ransomware: Malicious software that encrypts your data and demands you pay to recover it.\u201d<\/p>\n<p>To spread ransomware, attackers use social engineering to find users\u2019 vulnerabilities.<\/p>\n<blockquote><p>Something familiar \u2013 like an email from a contact in their contact list or advertisements \u2013 persuades that person to click a link, downloading malware to their device.<\/p>\n<\/blockquote>\n<p>Then the malware can spread across the network, eventually encrypting files and demanding a ransom.<\/p>\n<p>Ransomware is a growing threat. Kaspersky software detected over 21,000 <a href=\"https:\/\/www.kaspersky.com\/resource-center\/threats\/ransomware-attacks-and-types\" target=\"_blank\" rel=\"noopener nofollow\">ransomware strains<\/a> and saw <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/2022_targeted-ransomware-doubled-in-2022-new-techniques-and-groups-emerge\" target=\"_blank\" rel=\"noopener nofollow\">attacks rise 63 percent between 2021 and 2022<\/a> as a proportion of total attacks.<\/p>\n<h2>Rapid response foils attack<\/h2>\n<p>Julio explains how Funda\u00e7\u00e3o CASA\u2019s most recent ransomware incident began. \u201cA young person brought in a compromised USB flash drive from home.\u201d<\/p>\n<p>Alex Christy Rogatti, Funda\u00e7\u00e3o CASA\u2019s Head of Security, remembers the day well. \u201cIt was a tense time because it was our first experience with ransomware, but we addressed it in one day.\u201d<\/p>\n<p>Julio says their fast response started with their young client\u2019s good decision to report something unusual. \u201cThe young person noticed his device behaving strangely and contacted our service desk, who quickly escalated the case to our information security and cybernetics team.\u201d<\/p>\n<p>Alex explains what happened next: \u201cWe isolated the infected device and recovered encrypted data on that device and our network. We isolated the malware so it couldn\u2019t spread further.\u201d<\/p>\n<h2>Should you pay the ransom?<\/h2>\n<p>Not every organization responds so fast and effectively as Funda\u00e7\u00e3o CASA. Proving there\u2019s no low cybercriminals won\u2019t sink to, 2023 saw some particularly vicious ransomware attacks, like a ransomware gang breaching Lehigh Valley Health Network in Pennsylvania, US, then <a href=\"https:\/\/cybernews.com\/news\/alphv-leak-lvhn-patient-data\/\" target=\"_blank\" rel=\"noopener nofollow\">leaking stolen photos and personal details of breast cancer patients<\/a>.<\/p>\n<p>It\u2019s the severity of cases like these that tempts some victims of ransomware to pay their captors. Funda\u00e7\u00e3o CASA\u2019s Chief Information Security Officer (CISO) Odenilson Dos Santos Bonfim says, \u201cPaying the ransom should be the last option. First, there\u2019s no guarantee they\u2019ll let you unencrypt your data when you pay. Second, paying the ransom encourages more ransomware. Third, you\u2019d share financial information they may use in a scam or financial crime in future.\u201d<\/p>\n<p>To help ransomware victims and deter these kinds of attacks, Kaspersky is a found partner of the <a href=\"https:\/\/www.nomoreransom.org\/en\/index.html\" target=\"_blank\" rel=\"noopener nofollow\">No More Ransom<\/a> initiative. It offers <a href=\"https:\/\/www.nomoreransom.org\/en\/decryption-tools.html\" target=\"_blank\" rel=\"noopener nofollow\">free ransomware decryption tools<\/a> and <a href=\"https:\/\/www.nomoreransom.org\/en\/ransomware-qa.html\" target=\"_blank\" rel=\"noopener nofollow\">advice on how to prevent and deal with ransomware attacks<\/a>.<\/p>\n<h2>Reducing business vulnerability to ransomware<\/h2>\n<p>Odenilson thinks there\u2019s much business can do to prevent more cyberattacks of all kinds.<\/p>\n<blockquote><p>Cybercriminals often exploit system vulnerabilities, like outdated systems. They also use malicious websites to inject corrupt information or files giving access to the user\u2019s machine. <\/p>\n<cite><p>Odenilson Dos Santos Bonfim, Chief Information Security Officer (CISO,) Funda\u00e7\u00e3o CASA<\/p><\/cite><\/blockquote>\n<p>\u201cWe maintain an always up-to-date environment, with effective solutions for monitoring data and preventing any type of attack.\u201d<\/p>\n<p>That a user first raised the alarm about this attack shows the importance of a <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/heathrow-airport-cybersecurity-education\/44618\/\" target=\"_blank\" rel=\"noopener nofollow\">cyber-aware organizational culture<\/a>. Odenilson says, \u201cIt\u2019s fundamental to encourage awareness, good market practices and publicize information security and cybersecurity information to your whole team and organization.\u201d<\/p>\n<p>How the ransomware attack on Funda\u00e7\u00e3o CASA was stopped echoes the importance of their work showing young people alternatives to a life of crime. By doing the right thing thanks to knowing what to do, one young person kickstarted the process that safeguarded their peers\u2019 precious personal data. The quick thinking and coordinated action of the service desk and information security and cybernetics teams shows how strong relationships make strong cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>They help young people overcome a criminal past, but S\u00e3o Paulo\u2019s 121 youth justice centers, Funda\u00e7\u00e3o CASA, must also battle cybercrime.<\/p>\n","protected":false},"author":2552,"featured_media":50342,"template":"","coauthors":[3673],"class_list":{"0":"post-50341","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-data-and-privacy","7":"emagazine-category-data-breaches","8":"emagazine-tag-child-protection","9":"emagazine-tag-education","10":"emagazine-tag-ransomware"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/brazil-ransomware-fundacao-casa\/50341\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/brazil-ransomware-fundacao-casa\/29676\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/50341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/50342"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=50341"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=50341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}