Heimdal Security Blog

Grupo Fleury Becomes the Latest Victim of a REvil Ransomware Attack

In a press release, the Brazil-based healthcare company Grupo Fleury has disclosed that this Tuesday its online systems were targeted in a REvil ransomware attack that led to the disruption of its operations.

The company’s systems have remained down since then.

Grupo Fleury SA is a Brazilian organization located in São Paulo that is active in the healthcare sector. The company, which provides medical laboratory services, among other things, has over 200 service centers and more than 10,000 employees.

On the website of the Brazilian medical diagnostic company, a message translated into English claims that services on the page are unavailable because of an “attempted external attack”. The note also says that the group prioritizes the restoration of services using “all technical resources and efforts”.

The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services.

With the company's systems offline, business operations are disrupted, and customers are unable to schedule lab investigations or other clinical exams online.

Other Organizations Affected by REvil Ransomware

Although the medical organization hasn’t officially confirmed that the attack was conducted by ransomware operators, BleepingComputer was told that REvil/Sodinokibi was behind this incident.

Discovered in April 2019, REvil, also known as Sodinokibi, rapidly became one of the most widely distributed ransomware strains in the world, targeting mostly American and European companies.

REvil was most recently responsible for a ransomware attack on JBS Foods, the world’s largest meatpacking enterprise, which paid a ransom of $11 million in order to keep its stolen information from being leaked online. In April, REvil stole and published blueprints from Apple supplier Quanta Computer. That attack reportedly claimed a $50 million ransom.

Earlier this month, Sol Oriens, a small U.S. nuclear weapons contractor, confirmed it had also been affected by a cyberattack that specialists say came from the tenacious REvil Ransomware-as-a-Service (RaaS) group and resulted in data theft.

According to BleepingComputer, the REvil ransomware operation is asking for $5 million in exchange for a decryptor and for not publishing the allegedly stolen information online.

The ransomware sample shared with BleepingComputer indicated that no data has been stolen or leaked so far.

According to Grupo Fleury, actions were taken to maintain customer service through contingency solutions while the system is down. The Brazilian company also stated that it followed security and control protocols in an attempt to reduce further damage.