After disclosing on April 26 that it had suffered a cyberattack which affected its hospitals and aged care homes, UnitingCare Queensland has now identified the hackers behind the attack as one of the most notorious cyber ransom gangs in the world – REvil/Sodin.

The UnitingCare Queensland group, known as UnitingCare, is a health and community service provider and one of the largest charity groups in Australia.

As stated by the healthcare provider, the cyberattack impacted several IT systems used by hospitals and aged care facilities, and has left some of them inaccessible ever since.

In a statement, UnitingCare Queensland has confirmed that the attack was performed by the ransomware operation REvil/Sodin, the same hacking group responsible for past attacks against major targets including Donald Trump and Apple.

UnitingCare stated:

We can confirm that the external group claiming responsibility for this incident has identified themselves as REvil/Sodin.


Other important health providers in the United States and a New York law firm, which boasted clients like Madonna, Elton John, and Lady Gaga, also fell victim to the REvil ransomware group.

UnitingCare also stated that investigations into whether patient, client, resident, or employee data had been affected were still in progress, and that it was still “not possible to provide a resolution timeframe” for the incident.

With the assistance of leading experts and advisors, we are conducting a thorough investigation into whether patient, client, resident, or employee information has been breached.

This investigation is continuing and we will continue to keep the people we care for updated in this regard, in addition to employees, regulators, and other stakeholders.


The ransom demanded by the REvil gang hasn’t been revealed by UnitingCare, but in March we disclosed that a REvil ransomware attack also hit the PC vendor Acer, with the attackers asking for $50,000,000.

UnitingCare Queensland’s corporate affairs director Matthew Cuming stated that since the incident took place, as part of their business continuity plan, backup and downtime procedures have been in place to guarantee continuity and stability of their care services, and these procedures have been working very well.

Cuming also said that, at the moment, nothing indicates that the health and safety of patients, residents, or clients has been affected as a result of the cyber incident.

As soon as we became aware of the incident, we engaged the support of leading external technical and forensic advisors. We also notified the Australian Cyber Security Centre of the incident and are continuing to work closely with them to investigate it.

Since the outset of the incident, we have been in proactive regular contact with all relevant regulatory and government departments.


He also confirmed some systems had already been fixed but was unable to say how long it would take to resolve all the problems.

REvil ransomware is responsible for several high-profile infections in recent months, including Acer, Apple supplier Quanta, Asteelflash, and Laboratoires Pierre Fabre.
