Ransomcortex Ransomware Attack on Perfeita Plástica Exposes 20GB of Data
Incident Date:
July 12, 2024
Overview
Title
Ransomcortex Ransomware Attack on Perfeita Plástica Exposes 20GB of Data
Victim
Perfeita Plástica
Attacker
Ransomcortex
Location
First Reported
July 12, 2024
Ransomcortex Ransomware Attack on Perfeita Plástica
Overview of Perfeita Plástica
Perfeita Plástica, a Brazilian company specializing in plastic surgery and aesthetic treatments, has been a prominent player in the healthcare services sector since its founding in 2010. Operating out of a modern facility in São Paulo, the clinic employs a team of highly skilled plastic surgeons and medical professionals. The company is known for its innovative use of cutting-edge technology to deliver safe, effective, and natural-looking results. Their website, perfeitaplastica.com.br, serves as a critical tool for business, providing detailed information about their services, pricing, and medical team credentials.
Details of the Ransomware Attack
Ransomcortex, a notorious ransomware group, has claimed responsibility for a recent cyberattack on Perfeita Plástica. The attackers have reportedly seized 20GB of sensitive data, including files named "FATURAMENTO_-_DEZEMBRO_2623 - PERFEITA PL_STICA.xlsx" and "pacientes - Perfeita Pl stica xlsx.xlsx," which likely contain financial details and patient information. This breach poses significant risks to patient privacy and the clinic's operational security.
Ransomcortex's Modus Operandi
Ransomcortex focuses its attacks exclusively on healthcare facilities, recognizing the high value of healthcare data. The group exploits this data for financial fraud, extortion, and selling personal medical information on online black markets. They actively recruit individuals for various roles, including making ransom payments and gathering intelligence. Ransomcortex communicates through Tox, email, and Session ID, and explicitly avoids targeting specific nations and companies that have previously paid ransoms.
Potential Vulnerabilities
Given the nature of Perfeita Plástica's business, the clinic likely stores a significant amount of sensitive patient data, making it an attractive target for ransomware groups like Ransomcortex. The attack could have penetrated the company's systems through phishing emails, exploiting software vulnerabilities, or inadequate cybersecurity measures. The breach underscores the critical need for robust cybersecurity protocols in healthcare facilities to protect sensitive information.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.