Clothing maker French Connection Group plc and Brazillian medical diagnostic company Grupo Fleury are the latest companies targeted by the REvil ransomware gang.

The attack on French Connection, also known as FCUK, was first reported by The Register. It involved the REvil gang exploiting a security vulnerability in the company’s backend. As a result, internal company data, including passport and identification scans, were stolen, with the gang showing some of the stolen data as proof of the hack.

French Connection confirmed the attack, saying that it had “been the target of an organized cyber-attack affecting its back-end servers, which control its internal systems and operations.” However, the company noted that its front-end servers, including those that process payments for stores and its online operations, were not affected and that it had no evidence to suggest that customer data had been stolen.

The company declined to comment as to whether it had received a ransom demand. Typically, REvil encrypts and steals data then threatens to publish the stolen data if a ransom is not paid. In an attack on Acer Inc. in March, the group demanded a ransom payment of $50 million, while an attack on meat processing firm JBS S.A. resulted in the company paying a ransom of $11 million earlier this month.

Across the Atlantic, Grupo Fleury, the largest medical diagnostics company in Brazil with over 200 service centers and 10,000 employees, was struck by REvil on Tuesday, June 22. The company’s website displayed an alert saying that it had suffered from an attack and was prioritizing the restoration of systems.

Although local reports in Brazil did not name the form of the attack, cybersecurity sources told Bleeping Computer that the attack involved the REvil gang. In a sample of the ransomware used and shared with Bleeping Computer, the ransom demanded was $5 million paid in Monero cryptocurrency. The price doubled to $10 million if the ransom was not paid on time.

The two companies are added to the list of REvil victims, including Quanta Computer Inc. in April, celebrity law firm Grubman Shire Meiselas & Sacks in May 2020 and foreign exchange provider Travelex in late December 2019.

“It seems we need a hashtag like #ransomwarealertfatigue, or #raf,” Dirk Schrader, global vice president, security research at IT security and compliance software firm New Net Technologies Ltd., told SiliconANGLE. “FCUK was not the first and it won’t be the last to get hit.”

Unfortunately, he added, companies, users and even some security professionals will take limited or even no notice about it. “IT Security is already on high alert and the other two groups seem to have adjusted to the problem with no intention to change their approach to the risk,” he said.

Discussing the attack on Grupo Fleury, Jamie Hart, cyber threat intelligence analyst at digital risk protection company Digital Shadows Ltd., noted that the attack was the latest REvil campaign targeting Brazil-based organizations.

“In a previous statement made to the Russian-OSINT Telegram channel, a REvil representative stated that they were targeting Brazil for revenge,” Hart said. “However, it is not known what that revenge is for. REvil is known for exfiltrating data and the data could include personally identifiable information and sensitive medical information of their patients and staff, which could be detrimental for the organization.”

Photo: Justinc/Wikimedia Commons