Brazil’s largest medical diagnostics company Grupo Fleury reportedly suffered a debilitating ransomware attack earlier this week that forced it to take systems offline and initiate restoration operations.
On June 22, Grupo Fleury issued its first public statement, confirming that it had suffered a cyber attack that caused a major disruption to its online services. Stating that the attack had made part of its systems and operations unavailable, the medical diagnostics giant said it had followed its security and control protocols with the aim of minimising the possible impact.
On June 24, the company announced that it had started to reestablish internal systems at hospitals. “This was the priority of the Company since the beginning of this incident, given the criticality of care for inpatients. At the same time, we continue to care for our patients in all our Patient Service Centers through contingency solutions.
“We reiterate that our database is integrate and we emphasize that there is no evidence of leakage of data and sensitive information. The Company continues to rely with the work of leading companies in technology, information security, as well as quality assurance, in other words, an audit dedicated to certifying the quality of the process of reestablishment of our service operations,” it said.
In another notice to investors published on June 25, Grupo Fleury said it had made significant progress in safely returning all of its technology platforms to normal with the help of leading cyber security companies.
“We are gradually normalizing our operations in a controlled manner, with the necessary security tests being performed, prioritizing the automatic integration with hospitals’ systems into our environments, which has been occurring gradually and successfully.
“Our Patient Service Centers continue to serve our patients with systems that have already been restored. The services of our Call Center to schedule exams are already operational for the Fleury brand, and other brands should be restored in the coming days,” the company added.
In none of its statements did Grupo Fleury comment on the nature of the cyber attack, on whether a ransom demand had been made, or on whether the company was engaging with hackers in the event of a possible ransomware attack. According to the Brazilian news website Globo, the company is working with IBM, Microsoft, Accenture, PWC, and Proteus to investigate the cyber incident.
However, according to Bleeping Computer, the diagnostics giant reportedly suffered a ransomware attack orchestrated by the REvil ransomware gang. The hackers are demanding as much as $5 million in cryptocurrency as a ransom and are threatening to double the amount if the company does not pay within 48 hours of receipt of the demand. According to Andy Norton, European Cyber Risk Officer at Armis, the targeting of Grupo Fleury by the REvil gang is not surprising considering the company’s size and reputation.
“The Healthcare industry and healthcare supply chain are both one of the top three targeted sectors worldwide. Additionally, REvil are launching a lot of attacks at the moment, having hit a maritime organisation in Brazil earlier this month.
“At the moment it looks like REvil is only accepting payment in Monero coin (XMR) which is a fully fungible currency, this may be a reaction to the confiscation of the DarkSide Bitcoin wallets in May. With a revenue of $500 million USD, the victim would also classify as ‘big game’, and therefore considered more likely to make a ransom payment,” Norton said.
It remains to be seen if the news about REvil demanding $5 million from Grupo Fleury is accurate, but the ransomware gang has enjoyed incredible success in recent days when it comes to extracting millions from big-dollar brands. Earlier in June, the gang extracted $11 million (£7.7 million) in ransom from meat processing giant JBS Foods, shortly after targeting the company’s facilities on November 30.
The ransomware group also successfully extracted $2.3 million in ransom from foreign currency exchange service Travelex in April last year after initially demanding as much as $6 million (£4.6 million) from the company. A Travelex spokesman said the company had taken advice from a number of experts and had kept regulators and partners informed about its efforts to manage the recovery.