The largest medical diagnostic facility in Brazil, Grupo Fleury, has allegedly suffered a ransomware attack. While the service announced disruptions due to cyber attacks, sources hint at the possible involvement of REvil gang. Around the same time, French Connect, a UK fashion brand, also reported a ransomware attack from the same threat actors.
Grupo Fleury, French Connect Report Ransomware Attack
Reportedly, Grupo Fleury, a healthcare facility in Brazil, has suffered a ransomware attack that disrupted its services. Grupo Fleury (or the Fleury Group, in English) is the second-largest medical diagnostic company in Brazil, conducting over 60 million tests yearly.
The news of the attack surfaced online after the facility disclosed the incident on its website.
Translating this notice reads,
The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services.
In another news, a report of a similar incident came from the UK-based fashion brand French Connect. The firm suffered a cyberattack owing to vulnerabilities in back-end servers. Consequently, the firm faced IT services disruptions following the attack.
According to the statement to TheRegister,
As soon as it became aware of the breach, the company took immediate action, suspending all affected systems and engaging third-party experts to assist with resolving the situation.
The company is now actively working to restore its systems as quickly and safely as possible and where necessary is using manual overrides in order to ensure that the company can continue to operate.
REvil Involvement Suspected
Grupo Fleury hasn’t precisely disclosed details about the ransomware attack yet. However, as reported by the Bleeping Computer, Grupo Fleury has fallen prey to the notorious REvil (aka Sodinokibi) ransomware gang. The attackers have allegedly demanded a ransom of $5 million to send the decryptor.
Besides, Brazilian media has also confirmed the same in the reports.
Similarly, French Connect didn’t precisely admit the ransomware attack, nor did it name REvil. However, TheRegister could confirm REvil’s involvement after seeing passports and ID scans of staff members with the attackers.
For both incidents, it’s not presently clear if the victims have paid or will pay the ransom amounts.