The REvil Ransomware gang
Within a few hours of one another, two well-known businesses were attacked by the notorious ransomware gang.
French Connection, a popular UK-based fashion company that uses the abbreviation FCUK, revealed that it was affected by a ransomware gang known as REvil. Within hours, Grupo Fleury, a medical diagnostics company in Brazil, declared that it, too, was having the same issue.
These two attacks, conducted by one of the world’s most serious ransomware threat groups, demonstrate a change in its tactics and motives.
After breaching the security of French Connection’s back-end servers, the notorious ransomware gang, also known as Sodinokibi, was able to get access to the business’s internal files and pilfer the personal data of corporate officials.
The company released a statement to acknowledge the breach, but emphasized that it had “no evidence” that customer data was accessed during the attack. It also noted that the company’s operations were continuing to run as normal.
Passport and identity card scans for the company’s senior executives, founder and CEO Stephen Marks, CFO Lee Williams and COO Neil Williams, were among the stolen data, according to what has been revealed about the incident.
French Connection’s statement said that as soon as it was made aware of the security compromise, the company took quick action, shutting down all impacted systems and contacting third-party specialists to help in addressing the situation. In addition, the professionals that are working on the case are utilizing manual overrides to guarantee that the company can continue to function.
Grupo Fleury, a Brazilian medical diagnostics company, was the other victim attacked with the REvil malicious software on Tuesday. The company did not provide an update on when it expects to return to service, but said that it is actively working to recover its systems.
According to what has been revealed about this attack, REvil is asking for $5 million in exchange for giving Grupo Fleury a decryption key.
Analysis of both attacks shows that the French Connection incident is likely one of opportunity, meant to demonstrate that any business can be compromised, regardless of location.
The Grupo Fleury attack, however, seems to be part of a wider REvil effort to target businesses located in Brazil.
REvil is a piece of malware well known for its ability to exfiltrate various types of data from its targets, including personally identifiable information (PII) and other sensitive details of high importance to the victim. When the ransom is not paid, such data is likely to appear on a leak site in the near future.