Week of Monday, June 21, 2021 | Issue 24
Priya Venkadesh, Hubert Zhang, Counterintelligence and Cyber (CICYBER) Team
Date: June 22, 2021
Location: Grupo Fleury Headquarters, São Paulo, State of São Paulo, Brazil
Parties involved: Grupo Fleury; REvil
The event: On June 22, 2021, Grupo Fleury, the largest medical diagnostics company in Brazil, suffered a ransomware attack launched by the ransomware syndicate REvil. REvil encrypted the company’s data and allegedly stole files that have not yet been identified. REvil has demanded a $5 million USD payment in return for decrypting Grupo Fleury’s data and not leaking the stolen files online. After the attack, the Grupo Fleury website displayed a warning that they had suffered a cyberattack and that their services were temporarily unavailable.
The implications:
The attack on Grupo Fleury will likely cause widespread, life-threatening disruptions for medical patients across Brazil. Grupo Fleury conducts approximately 75 million clinical exams in a year and has also been providing COVID-19 tests. With patients unable to schedule lab tests and clinical exams online, they are experiencing delayed and canceled appointments, which can lead to missed diagnoses and other health-related problems. COVID infections are likely to increase as a result, causing severe damage to the health of the Brazilian population.
The attack is part of the recent trend of REvil’s ransomware attacks against high-profile targets. The attack occurred not long after REvil’s ransomware attack against meat processing company JBS Foods and parent company JBS SA, also based in Brazil. REvil was also responsible for the recent ransomware attacks against renewable energy company Invenergy and nuclear weapons contractor Sol Oriens. The attack against Grupo Fleury is part of REvil’s aggressive ransomware campaign against critical resources: food, nuclear operations, and in this case, medical services. There is a high probability that REvil attacks against high-profile targets will increase in scale and prevalence. Critical infrastructure and resources will also likely continue to be severely impacted.
The attack will negatively impact the Brazilian economy, which has just begun recovering from the COVID-19 pandemic. As of June 1, the Brazilian economy had returned to pre-pandemic levels, mostly due to many Brazilians ignoring lockdown orders and the easing of lockdown restrictions. The attack’s impact on COVID-19 testing will increase the rate of infection and could lead to more lockdowns and less consumer activity, slowing the country’s economic recovery.
The attack will likely damage the reputation of Grupo Fleury and decrease patients’ confidence in the company. The stolen data could contain highly sensitive patient information, such as medical and financial information. If such data is leaked online, consumer trust in Grupo Fleury will drop.
Date: June 23, 2021
Location: Anglesey, Wales, UK
Parties involved: The Welsh National Cyber Security Centre (NCSC); Ysgol Syr Thomas Jones; Ysgol Uwchradd; Ysgol Gyfun Llangefni; Ysgol David Hughes; Ysgol Uwchradd Caergybi; Unknown attacker
The event: On June 23, 2021, five secondary schools in Anglesey suffered a system security breach. Officials stated that the affected systems were shut down. However, personal data and emails may have been compromised in the process, and the schools will experience continuing disruptions. The perpetrators have not yet been identified. The National Cyber Security Centre will assist the schools in mitigating the effects of the attack.
The attack on critical infrastructure is likely to create panic. Attacking multiple schools in the same area is particularly disruptive to the education of local residents. Students will not have access to school computers and IT systems needed for their coursework and communications, which can delay their learning process and lead to unfinished courses. The attack may not be financially motivated, as the perpetrators have not requested a ransom. The motive for the attack remains unclear, though it may be part of a recent surge in financially motivated ransomware attacks against schools across the United Kingdom.
The attack may severely impact the reputation of schools and lead to legal repercussions. Students’ educational, personal, familial, and financial records may be leaked as a result of the attack, which can lead to a loss of trust in the schools as well as potential legal action against them.