The group is branching out into multiple sectors, targeting the leaders in each one globally.
The REvil ransomware gang has now targeted the UK’s upscale clothing maker French Connection Group plc and Brazilian medical diagnostic company Grupo Fleury.
UK tech zine The Register first reported the French Connection attack. In a statement to The Register, the company confirmed it had “been the target of an organised cyber-attack affecting its back-end servers, which control its internal systems and operations.”
The company was quick to add, however, that the attack did not affect its front-end servers, including those that process payments for stores and its online operations. Moreover, they claimed to have no evidence to suggest that the attackers had stolen customer data.
Truly REvil: disrupting medical providers during a pandemic
Almost at the same time, REvil also attacked Grupo Fleury, the largest medical diagnostics company in Brazil. The group operates over 200 service centers with 10,000 employees. This week the company’s website displayed an alert saying that it had been attacked and was prioritizing the restoration of systems.
The English version of the alert reads: “Please be advised that our systems are currently unavailable and that we are prioritizing the restoration of services”.
“The causes of this unavailability originated from the attempted external attack on our systems, which are having operations reestablished with all the resources and technical efforts for the rapid standardization of our services.”
Are the Russians out for revenge?
Local reporting in Brazil declined to name the nature of the attack on Fleury. However, cybersecurity sources told Bleeping Computer that the attack involved the REvil gang. According to a sample of the ransomware used in the attack and shared with Bleeping Computer, the ransom demanded was $5 million, to be paid in Monero cryptocurrency. The price doubled to $10 million if the ransom was not paid on time.
Jamie Hart, cyber threat intelligence analyst at digital risk protection company Digital Shadows Ltd., told Silicon Angle that the attack was just the latest in a series of REvil attacks targeting Brazilian organizations. “In a previous statement made to the Russian-OSINT Telegram channel, a REvil representative stated that they were targeting Brazil for revenge,” Hart said.
“However, it is not known what that revenge is for. REvil is known for exfiltrating data and the data could include personally identifiable information and sensitive medical information of their patients and staff, which could be detrimental for the organization.”