REvil Was Behind April Attack On UnitingCare Queensland

REvil Was Behind April Attack On UnitingCare Queensland

The UnitingCare Queensland healthcare organization has announced it was the REvil ransomware gang behind the cyber incident that took offline its systems last month.

Last month CIM reported that UnitingCare Queensland had fallen victim to a cyber incident. Australian UnitingCare Queensland provides aged care, disability supports, and crisis response services throughout its state. It was hit by the attack on Sunday, 25 April 2021; the attack rendered some of the organization’s systems inaccessible. 

The healthcare organization has now named REvil/Sodin as the actor behind the attack.

“We can confirm that the external group claiming responsibility for this incident has identified themselves as REvil/Sodin,” it said.

The organization still can’t say whether any personal data has been stolen:

“With the assistance of leading experts and advisors, we are conducting a thorough investigation into whether patient, client, resident or employee information has been breached.”

The organization will keep all the involved people, employees, regulators, and other stakeholders updated about the investigation results.

The organization made sure its services are as little impacted by the attack as possible: 

“Since the incident occurred, as part of our business continuity plan, back-up and downtime procedures have been in place to ensure continuity of our clinical and care services, and these procedures have been working very well,” UnitingCare said.

The REvil (Sodinokibi) ransomware gang has been more active lately than any other ransomware operation. The REvil gang rents its ransomware tools to other criminal groups in a scheme known as Ransomware-as-a-Service (RaaS).

The ransom amount they demanded from UnitingCare has not been disclosed, but in the past, REvil demanded record high ransoms from other companies, for example, $50 million from Acer.

At this point, there is no evidence that the health and safety of its patients, residents, or clients have been in any way compromised in the attack, UnitingCare is collaborating with external entities and taking measures to prevent such incidents from taking place in the future.

“Since the outset of the incident, we have been in pro-active regular contact with all relevant regulatory and government departments.”


About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.