French Connection UK (FCUK), a British fashion company of growing popularity, confirmed that its systems were compromised due to an infection of the REvil ransomware. Just a few hours later, Brazilian medical services company Grupo Fleury announced that its systems had been infected with exactly the same malware variant, demonstrating the broad scope of this malicious operation.
Apparently the operators of the ransomware managed to compromise the back-end servers of the fashion company and steal confidential data belonging to its staff before encrypting the systems. French Connection confirmed the cyberattack in a statement, though it notes that so far there is no evidence that customer data has been compromised during the attack.
Among the stolen information are scanned images of identity cards and passports of the company’s top members, including founder and chief executive officer Stephen Marks, chief financial officer Lee Williams and other members of the company’s board of directors. At the moment the ransom amount demanded by the attackers is unknown.
For its part, Fleury Group confirmed that its systems were infected with the REvil ransomware on Tuesday. According to an internal source, hackers are demanding a ransom of $5 million to restore the affected systems to normal.
Because the incidents were detected almost simultaneously, it was believed that they could have been carried out by the same attackers. However, Jamie Hart, an analyst at the security firm Digital Shadows, does not see a connection between the two incidents. Hart maintains that the attack on Grupo Fleury is part of a massive campaign against medical services companies in Brazil, allegedly operated from Russia.
The expert argues that it is all part of a campaign for the theft of confidential information, which threat actors believe would make it easier to obtain a ransom due to the multiple data protection laws that currently exist.
As has become customary in REvil attacks, the compromised information could be leaked on a hacking forum if the attackers’ demands are not met. This new approach to attacking has allowed threat actors to make greater profits from these malicious campaigns.