[BreachExchange] Healthcare giant Grupo Fleury hit by REvil ransomware attack

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Jun 24 09:53:03 EDT 2021


https://www.bleepingcomputer.com/news/security/healthcare-giant-grupo-fleury-hit-by-revil-ransomware-attack/

Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware
attack that has disrupted business operations after the company took its
systems offline.

Grupo Fleury is the largest medical diagnostics company in Brazil, with
over 200 service centers and more than 10,000 employees. The company
performs approximately 75 million clinical exams in a year.

Starting yesterday, the Fleury website began displaying an alert warning
that they suffered an attack and that systems are no longer accessible.

"Please be advised that our systems are currently unavailable and that we
are prioritizing the restoration of services," read the alert translated
into English.

"The causes of this unavailability originated from the attempted external
attack on our systems, which are having operations reestablished with all
the resources and technical efforts for the rapid standardization of our
services."

With their systems shut down, business operations are disrupted, and
patients are unable to schedule lab tests or other clinical exams online.

Grupo Fleury allegedly hit by ransomware

While local media has received confirmation that the company has suffered a
cyberattack, Grupo Fleury has not officially confirmed a ransomware attack.

However, multiple cybersecurity sources have told BleepingComputer that
Grupo Fleury suffered an attack by the ransomware operation known as REvil,
also known as Sodinokibi.

This ransomware operation is responsible for numerous high-profile attacks,
including Brazil's Rio Grande do Sul court system, nuclear weapons
contractor Sol Oriens, and JBS, the world's largest meat producer.

In a sample of the ransomware used in the attack and shared with
BleepingComputer, the REvil ransomware operation is demanding $5 million to
receive a decryptor and not leak allegedly stolen files.

REvil is known for stealing files before encrypting devices and then using
the stolen data as leverage to get a company to pay the ransom.

From the ransomware sample, no proof of stolen data or mention of the
victim's name has been shared by the attackers at this time.

If data has been stolen, Grupo Fleury's data is of significant concern as
it could contain enormous amounts of personal and medical data of patients.

BleepingComputer has contacted Grupo Fleury with further questions but has
not received a response at this time.