The official website of the Ministry of Health was the target of a hacker attack during the early hours of Friday (10). Until early morning, the page was still down. With this, the ConnectSUS page, which contains information, for example, about the vaccination of the population against Covid-19, is also unavailable.

According to the folder, the attack temporarily compromised the “e-SUS Notifica, Information System of the National Immunization Program (SI-PNI), ConectaSUS and features such as the issuance of the Covid-19 National Vaccination Certificate and the Wallet National Digital Vaccination”.

The group to which the attack is attributed calls itself Lapsus$. In the message left by the criminals, there was a ransom demand for the stored information. “The internal data from the systems has been copied and deleted. 50 TB of data is (sic) in our hands. Contact us if you want the data back.” At the end of the text, there is an encrypted email contact and telegram.

The type of attack that the Ministry of Health website has suffered is called Ransomware, in which the attacker inserts malicious code making the data inaccessible, usually using encryption. The main characteristic of this type of attack is that crackers, a name used to designate people with computer knowledge, but who use it for the purposes of attacks, request ransom so that the data owners have the information back.

The ransom is usually paid in bitcoins, virtual currency that is difficult to trace. The bitcoin market price index, according to the Coin Market Cap, which monitors the prices of cryptoactives, is evaluated by the daily rate at R$269,082.00.

Through a statement, the Ministry of Health informed that the Institutional Security Office (GSI) and the Federal Police are investigating the invasion of the system. “The SUS IT Department (Datasus) is working with maximum agility for the reestablishment of platforms”, says the text.

other attacks

This is not the first attack on the Ministry of Health’s systems. In February, the folder’s network was invaded and the hacker took the opportunity to criticize the network’s security. “Fix this pig site or next time you’ll leak the data of those responsible for this crap,” he said, in a message that was exposed on “FormSUS”, signed by Hacker Sincere.

In January, another hacker wrote after the attack that the site was “junk.”