Brazilian Healthcare Giant Grupo Fleury Hit by REvil Ransomware

Brazilian medical diagnostic company Grupo Fleury, the leading provider of medical examinations in Brazil, was hit by a ransomware attack that crippled its operations. Grupo Fleury operates over 200 service centers in Brazil and has more than 10,000 employees.

The company resorted to shutting down its IT systems. The Fleury website went offline, too, after it was attacked yesterday. The site is displaying an alert saying that systems are no longer accessible due to a cyber incident and that the company is prioritizing recovery:

“Please be advised that our systems are currently unavailable and that we are prioritizing the restoration of services,” read the alert as translated into English.

The issue originated from an external attack: “The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services.”

With the company’s systems offline, patients are unable to schedule lab examinations or other clinical exams online. Before the attack, the company performed about 75 million clinical exams a year.

While local media outlets have reported that the company has suffered a ransomware attack, Grupo Fleury itself has not confirmed the cyber incident took place.

According to various cybersecurity sources, the firm suffered a ransomware attack carried out by REvil, aka Sodinokibi.

This ransomware group is responsible for a number of high-profile attacks, which include attacks on the operations of Brazil’s Supreme Court, the US government’s nuclear weapons contractor Sol Oriens, and, most recently, JBS, the world’s largest meat producer.

In a sample of the ransomware used in this attack, as seen by BleepingComputer, REvil demanded $5 million in exchange for a decryptor and for not leaking the supposedly stolen files.

The attackers have not shared any proof of stolen data or any mention of the victim’s name.

If Grupo Fleury’s data has been stolen, it could include a large amount of patients’ sensitive and personal data.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.