The Targeted Attack: Dr. Willian Segalin's Ransomware Incident

Incident Date: April 25, 2024

Overview

Victim: Dr. Willian Segalin
Attacker: Qiulong
Location: Passo Fundo, Brazil
First Reported: April 25, 2024

Ransomware Attack on Dr. Willian Segalin: A Detailed Analysis

Victim Profile: Dr. Willian Segalin

Dr. Willian Segalin is a noted plastic surgeon based in Passo Fundo, Brazil, specializing in aesthetic and reconstructive surgery, including hair implants. He runs his practice primarily as a solo practitioner, as highlighted on his professional website. Although detailed financial data is not available, the practice is presumed to be of moderate size, catering to a specialized clientele. Dr. Segalin is affiliated with reputable medical associations such as the Brazilian Society of Plastic Surgery and the Federal Council of Medicine, underscoring his professional credibility and standing in the medical community.

Details of the Ransomware Attack

The Qiulong ransomware group has targeted Dr. Segalin's practice, threatening to release 20 GB of sensitive data, including nude images of patients, personal information, financial records, and emails. The attack was publicized through the group's dark web leak site, which has been their modus operandi for disseminating information about their ransomware victims. This incident underscores a significant breach of patient confidentiality and data security, posing severe reputational risks to Dr. Segalin's practice.

Qiulong Ransomware Group Profile

The group is notorious for its activities primarily in Latin America, with a significant focus on Brazilian entities. Their attack vectors typically include exploiting known weaknesses such as exposed RDP servers and using sophisticated techniques akin to those seen in the Hive and Nokoyawa ransomware families. Their operational sophistication is evident in their use of tools like AdFind and in the way they spread ransomware through internal networks, which significantly increases the impact of their attacks.

Vulnerabilities and Industry Impact

Medical practices like that of Dr. Segalin are particularly vulnerable due to the sensitive nature of the data they handle, including health records and personal patient information. A solo practice may also have weaker cybersecurity measures than larger healthcare institutions, which makes such practices an attractive target for ransomware groups seeking financial gain.

Sources

Recent Ransomware Attacks
