article featured image


In a press release, the Brazil-based healthcare company Grupo Fleury has disclosed that this Tuesday its online systems were targeted in a REvil ransomware attack that led to the disruption of its operations.

The company’s systems remained down since then.

Grupo Fleury SA is a Brazilian organization located in São Paulo, which is active in the healthcare sector. The company that provides medical laboratory services, among other things, has over 200 service centers and more than 10,000 employees.

On the website of the Brazilian medical diagnostic company, a message translated into English claims that services on the page are unavailable because of an “attempted external attack”. The note also says that the group prioritizes the restoration of services using “all technical resources and efforts”.

Announcement on the website about the Grupo Fleury REvil ransomware attack


The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services.


With their systems offline, business operations are disrupted, with customers not being able to timetable lab investigations or other clinical exams online.

Other Organizations Affected by REvil Ransomware

Even if the medical organization hasn’t officially confirmed that the attack was conducted by ransomware operators, BleepingComputer was told that REvil/ Sodinokibi was behind this incident.

Discovered in April 2019, REvil or Sodinokibi rapidly became one of the most distributed ransomware in the world, targeting mostly American and European companies.

REvil was most recently responsible for a ransomware attack on JBS Foods, the world’s largest meatpacking enterprise, which paid a ransom of $11 million in order to keep their stolen information from being leaked online. In April, REvil stole and published blueprints from Apple supplier Quanta Computer. That attack reportedly claimed a $50 million ransom.

Earlier this month, Sol Oriens, a small U.S. nuclear weapons contractor, has confirmed it has also been affected by a cyberattack that specialists say came from the tenacious REvil Ransomware-as-a-Service (RaaS) group and resulted in data theft.

According to BleepingComputer, the REvil ransomware operation is asking for $5 million to receive a decryptor and not publish online allegedly stolen information.

The ransomware sample shared with BleepingComputer indicated that no data was stolen or leaked until now.

Grupo Fleury ransom demand


According to Grupo Fleury, actions were taken to maintain customer service through contingency solutions while the system is down. The Brazilian company also stated that it followed security and control protocols in an attempt to reduce further damage.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *