Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
In a press release, the Brazil-based healthcare company Grupo Fleury has disclosed that this Tuesday its online systems were targeted in a REvil ransomware attack that led to the disruption of its operations.
The company’s systems remained down since then.
Grupo Fleury SA is a Brazilian organization located in São Paulo, which is active in the healthcare sector. The company that provides medical laboratory services, among other things, has over 200 service centers and more than 10,000 employees.
On the website of the Brazilian medical diagnostic company, a message translated into English claims that services on the page are unavailable because of an “attempted external attack”. The note also says that the group prioritizes the restoration of services using “all technical resources and efforts”.
The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services.
With their systems offline, business operations are disrupted, with customers not being able to timetable lab investigations or other clinical exams online.
Other Organizations Affected by REvil Ransomware
Even if the medical organization hasn’t officially confirmed that the attack was conducted by ransomware operators, BleepingComputer was told that REvil/ Sodinokibi was behind this incident.
Discovered in April 2019, REvil or Sodinokibi rapidly became one of the most distributed ransomware in the world, targeting mostly American and European companies.
REvil was most recently responsible for a ransomware attack on JBS Foods, the world’s largest meatpacking enterprise, which paid a ransom of $11 million in order to keep their stolen information from being leaked online. In April, REvil stole and published blueprints from Apple supplier Quanta Computer. That attack reportedly claimed a $50 million ransom.
Earlier this month, Sol Oriens, a small U.S. nuclear weapons contractor, has confirmed it has also been affected by a cyberattack that specialists say came from the tenacious REvil Ransomware-as-a-Service (RaaS) group and resulted in data theft.
According to BleepingComputer, the REvil ransomware operation is asking for $5 million to receive a decryptor and not publish online allegedly stolen information.
The ransomware sample shared with BleepingComputer indicated that no data was stolen or leaked until now.
According to Grupo Fleury, actions were taken to maintain customer service through contingency solutions while the system is down. The Brazilian company also stated that it followed security and control protocols in an attempt to reduce further damage.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
