By Leonardo Neri and Barbara Oliveira

Last Tuesday, November 3, the Superior Court of Justice (STJ) had its entire database encrypted, making it inaccessible internally and externally, which can be considered the biggest cyber attack in the history of the Brazilian government.

So far, no way has been identified to decrypt the servers. The situation becomes even more serious since the backups of the Court were also encrypted, leaving the entire collection of cases inaccessible and the systems inoperable.

The Federal Police are conducting an investigation into the attack, but the extent of the damage caused is still unknown, nor is the amount of data copied by the hacker. There is a high risk of confidential information and personal data being leaked, and the provisions of the General Data Protection Law may apply.

According to information from the Federal Police, investigations indicate a server in Europe as the possible origin of the attack. The Director General of the Federal Police, Rolando Alexandre de Souza, reported that the hacker has already been identified and that he would have demanded a ransom payment in order to not continue with the destruction of the data.

In addition to the Federal Police, the STJ also has the support of the Brazilian Army's Cyber Defense Command and the Special Secretariat for Debureaucratization, Management and Digital Government of the Ministry of Economy.

This Monday, November 9th, the STJ will gradually resume its activities and from Tuesday, the 10th, procedural deadlines will start running again, with the reestablishment of the Justice System, which provides access to electronic processes.

The Court's official statements regarding the attack were made available on the home page of the STJ website (stj.jus.br).

In a note released on Friday, November 6, the STJ reported that the data is being fully recovered through backup. According to technicians, one of the backups maintained by the Court did not suffer any damage, which allowed recovery.

Even with information that the data is being recovered, the matter has generated great repercussions in the legal community, given the possible consequences of the attack, which involves data from approximately 255 thousand processes.

In the event of failure to recover the information and permanent loss of the proceedings, it is possible to request the restoration of the records, as provided for in articles 712 et seq. of the Code of Civil Procedure, applicable to cases of disappearance of physical or electronic records. In this case, the parties must make available the certificates, procedural documents and any documents they have in their possession, in order to enable the restoration.

As investigations continue over the next few days, technicians should identify the extent of the possible damage caused to the Court's database, allowing appropriate measures to be taken for repair.