Cyber Incident Victim: Meddi Laboratório

Date: Feb 2021

Location: Brazil

Summary

A Brazilian diagnostic laboratory, Meddi Laboratório, suffered a ransomware attack by the Avaddon threat actor group, which exfiltrated and leaked various sensitive records including certifications, personal identification documents, contact details, and payment-related information. The attackers published a sample of stolen data as proof and issued a 10-day ultimatum for negotiations before threatening further disclosures. Notably, the compromised data did not appear to originate from electronic medical record systems. At the time of reporting, the laboratory had not publicly acknowledged the incident or posted any breach notifications on its website.

Description

On or around February 6, 2021, Meddi Laboratório, a diagnostic laboratory in Brazil, suffered a ransomware attack attributed to the Avaddon threat actor group. The attackers exfiltrated data from the organization’s systems and subsequently published a sample of stolen files on their leak site as proof of compromise. The dumped data included routine operational documents such as certifications, alongside sensitive personal information encompassing photo identification documents, contact details, and files suggesting the presence of payment-related information. Notably, the attackers did not release electronic medical records (EMR) or clinical data as part of the initial leak. Avaddon issued a 10-day ultimatum to Meddi Laboratório, threatening to release additional data if their demands were not met. At the time of reporting, Meddi Laboratório had not publicly acknowledged the incident on its website or through official channels, leaving the full scope of compromised systems and the exact nature of the initial intrusion vector unconfirmed.

The attack exposed sensitive personal and potentially financial information of individuals associated with Meddi Laboratório, creating risks of identity theft, financial fraud, and privacy violations. The publication of photo IDs and contact details increased the likelihood of targeted phishing or social engineering attacks against affected parties. Avaddon’s established pattern of escalating data dumps following initial leaks suggested further exposure of sensitive information remained imminent unless negotiations occurred. No information was available regarding Meddi Laboratório’s internal detection mechanisms, containment efforts, or communication with regulatory authorities or affected individuals. The absence of public statements from the laboratory left stakeholders without guidance on potential risks or mitigation steps, while the threat actors maintained leverage through their possession of unreleased data and the looming deadline for further disclosures.
