The Targeted Attack: Dr. Willian Segalin's Ransomware Incident

Incident Date: Apr 25, 2024

Attack Overview

Victim: Dr. Willian Segalin
Industry: Healthcare Services
Location: Brazil
Attacker: Qiulong
First Reported: April 25, 2024

Ransomware Attack on Dr. Willian Segalin: A Detailed Analysis

Victim Profile: Dr. Willian Segalin

Dr. Willian Segalin is a noted plastic surgeon based in Passo Fundo, Brazil, specializing in aesthetic and reconstructive surgery, including hair implants. His practice operates primarily as a solo practitioner setup, which is highlighted on his professional website. Despite the lack of detailed financial data, the practice is presumed to be of moderate size, catering to a specialized clientele. Dr. Segalin is affiliated with reputable medical associations such as the Brazilian Society of Plastic Surgery and the Federal Council of Medicine, underscoring his professional credibility and standing in the medical community.

Details of the Ransomware Attack

The Qiulong ransomware group has targeted Dr. Segalin's practice, threatening to release 20 GB of sensitive data, including nude images of patients, personal information, financial records, and emails. The attack was publicized through the group's dark web leak site, which has been their modus operandi for disseminating information about their ransomware victims. This incident underscores a significant breach of patient confidentiality and data security, posing severe reputational risks to Dr. Segalin's practice.

Qiulong Ransomware Group Profile

The group is notorious for its activities primarily in Latin America, with a significant focus on Brazilian entities. Their attack vectors typically include exploiting known vulnerabilities such as exposed RDP servers and utilizing sophisticated techniques akin to those seen in the Hive and Nokoyawa ransomware families. Their operational sophistication is evident in their use of tools like AdFind and their method of spreading ransomware through internal networks, which significantly increases the impact of their attacks.

Vulnerabilities and Industry Impact

Medical practices like that of Dr. Segalin are particularly vulnerable due to the sensitive nature of the data they handle, including health records and personal patient information. The solo nature of the practice might also mean weaker cybersecurity measures than at larger healthcare institutions, making such practices an attractive target for ransomware groups seeking to exploit these vulnerabilities for financial gain.
