Brazilian medical diagnostics company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company shut down its systems.
Grupo Fleury is the largest medical diagnostic company in Brazil, with more than 200 service centers and more than 10,000 employees. The company performs approximately 75 million clinical exams a year.
As of yesterday, the Fleury website has been displaying an alert warning that the company suffered an attack and that its systems are no longer accessible.
“Please note that our systems are currently unavailable and that we are prioritizing restoring services,” reads the alert translated into English.
“The causes of this unavailability originated in the attempted external attack on our systems, which are restarting their operations with all the resources and technical efforts for the rapid standardization of our services.”
With their systems turned off, business operations are disrupted and patients cannot schedule lab tests or other clinical exams online.
If you have first-hand information about this or other unreported cyberattacks, you can contact us confidentially on Signal at +1 646 961 731 or on Wire at @lawrenceabrams-bc.
Fleury Group allegedly affected by ransomware
While local media have received confirmation that the company has suffered a cyberattack, Grupo Fleury has not officially confirmed a ransomware attack.
However, cybersecurity sources have told Bleeping Computer that Grupo Fleury suffered an attack by the ransomware operation known as REvil, also known as Sodinokibi.
This ransomware operation is responsible for numerous high-profile attacks, including those on the Brazilian judicial system in Rio Grande do Sul, nuclear weapons contractor Sol Oriens, and JBS, the world’s largest meat producer.
In a sample of the alleged ransomware used in the attack and shared with Bleeping Computer, the REvil ransomware operation demands $5 million in exchange for a decryptor and for not leaking allegedly stolen files.
REvil is known for stealing files before encrypting devices and then using the stolen data as leverage to pressure a company into paying the ransom.
Based on the alleged ransomware sample, the attackers have not shared any evidence of stolen data or mentioned the victim’s name at this time.
If data has been stolen, this is of great concern, as the Fleury Group data could contain huge amounts of patients’ personal and medical data.
Bleeping Computer has contacted Grupo Fleury with further questions, but has not received a response at this time.