REvil ransomware gang targets French Connection and Grupo Fleury

Clothing maker French Connection Group plc and Brazilian medical diagnostic company Grupo Fleury are the latest two companies targeted by the REvil ransomware gang.

The attack on French Connection, also known as FCUK, was first reported by The Register and involved the REvil gang exploiting a security vulnerability in the company’s backend. As a result, internal company data, including passport and identification scans, were stolen, with the gang showing some of the stolen data as proof of the hack.

French Connection confirmed the attack, saying that it had “been the target of an organized cyber-attack affecting its back-end servers, which control its internal systems and operations.” However, the company noted that its front-end servers, including those that process payments for stores and its online operations, were not affected and that it had no evidence to suggest that customer data had been stolen.

The company declined to comment as to whether it had received a ransom demand. Typically, REvil encrypts and steals data then threatens to publish the stolen data if a ransom is not paid. In an attack on Acer Inc. in March, the group demanded a ransom payment of $50 million, while an attack on meat processing firm JBS S.A. resulted in the company paying a ransom of $11 million earlier this month.

Across the Atlantic, Grupo Fleury, the largest medical diagnostics company in Brazil with over 200 service centers and 10,000 employees, was struck by REvil on Tuesday, June 22. The company’s website displayed an alert saying that they had suffered from an attack and that they were prioritizing the restoration of systems.

While local reports in Brazil did not name the form of the attack, cybersecurity sources told Bleeping Computer that the attack involved the REvil gang. In a sample of the ransomware used and shared with Bleeping Computer, the ransom demanded was $5 million paid in Monero cryptocurrency. The price doubled to $10 million if the ransom was not paid on time.

The two companies are added to the list of REvil victims, including Quanta Computer Inc. in April, celebrity law firm Grubman Shire Meiselas & Sacks in May 2020 and foreign exchange provider Travelex in late December 2019.

“It seems we need a hashtag like #ransomwarealertfatigue, or #raf,” Dirk Schrader, global vice president, security research at IT security and compliance software firm New Net Technologies Ltd. told SiliconANGLE. “FCUK was not the first and it won’t be the last to get hit.”

“Unfortunately, companies, normal users and perhaps also some security professionals will take limited or even no notice about it,” Schrader explained. “IT Security is already on high alert and the other two groups seem to have adjusted to the problem with no intention to change their approach to the risk.”

Discussing the attack on Grupo Fleury, Jamie Hart, cyber threat intelligence analyst at digital risk protection company Digital Shadows Ltd. noted that the attack was the latest REvil campaign targeting Brazil-based organizations.

“In a previous statement made to the Russian-OSINT Telegram channel, a REvil representative stated that they were targeting Brazil for revenge,” Hart said. “However, it is not known what that revenge is for. REvil is known for exfiltrating data and the data could include personally identifiable information and sensitive medical information of their patients and staff, which could be detrimental for the organization.”

Photo: Justinc/Wikimedia Commons
