[MART] - Daily Diary #292 - Brazilian Healthcare Company Attacked by Sodinokibi

CTAS-MAT ctas-mat at appgate.com
Fri Jun 25 21:07:35 UTC 2021 

Hello,
I hope everyone is doing well!

Below is the entry for today.

06/25/2021 - Diary entry #292:

This week "Grupo Fleury", the second largest healthcare company specialized in medical service and medical diagnostics in Brazil, revealed that it was a victim of a Cyberattack. Fleury is mostly responsible for clinical treatments and medical exams processing, including COVID-19 tests.

The attack was detected last Tuesday (June 22nd). Since then customers are complaining about not having access to exam results, specially for the COVID-19 detection exam. The company website is currently showing a message, claiming that the hospital systems are being restored, and that they continue attending patients in all units.

Our team's Ransom Tracker monitors REvil (a.k.a Sodinokibi) "Happy Blog", their wall-of-shame website. Today the cybercrime group created a post for Grupo Fleury, claiming responsibility for the attack. The post says that they "can share/sell the data [...] in 3 days". As a proof they attached screenshots of spreadsheets with banking informations, patient's documents, medical history and company invoices. Fleury still hasn't confirmed publicly that it was a victim of a Ransomware Attack.

As covered in our Daily Diary #64, attacking healthcare institutions is a huge ethical violation, even among Cybercriminals. Last year some Ransomware groups declared a pause on attacking healthcare related companies, as this could aggravate the current COVID-19 pandemic, but this doesn't seem to be the case for Sodinokibi. Paying the ransom is never advised, and in this case Fleury has to face another dilemma, as having patient private medical data published is also a huge problem.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20210625/2dc81938/attachment.html>

More information about the MART mailing list