--- title: "KillSec Ransomware targets Brazilian health tech company! | Phish Protection" description: "KillSec Ransomware targets Brazilian health tech company!: https://media.mailhop.org/phishprotection/images/2025/09/KillSec-Ransomware-targets-Brazilian-healt." image: "https://phishprotection.com/og/blog/killsec-ransomware-targets-brazilian-health-tech-company.png" canonical: "https://phishprotection.com/blog/killsec-ransomware-targets-brazilian-health-tech-company/" --- Quick Answer by Phishing Protection https://media.mailhop.org/phishprotection/images/2025/09/KillSec-Ransomware-targets-Brazilian-health-tech-company.mp3 MedicSolution, a health tech company in Brazil, was targeted by the notorious KillSec ransomware group in September. 8\. The threat actors have managed to steal over 34 GB worth of data. They are now threatening the health tech brand to fulfill their ransomware demand, or otherwise they will leak all the data on the dark web. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fkillsec-ransomware-targets-brazilian-health-tech-company%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=KillSec%20Ransomware%20targets%20Brazilian%20health%20tech%20company!&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fkillsec-ransomware-targets-brazilian-health-tech-company%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fkillsec-ransomware-targets-brazilian-health-tech-company%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fkillsec-ransomware-targets-brazilian-health-tech-company%2F&title=KillSec%20Ransomware%20targets%20Brazilian%20health%20tech%20company! "Share on Reddit") [ ](mailto:?subject=KillSec%20Ransomware%20targets%20Brazilian%20health%20tech%20company!&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fkillsec-ransomware-targets-brazilian-health-tech-company%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2025/09/aws-s3-cyberattack.jpg) ##### KillSec Ransomware targets Brazilian health tech company! by **Phishing Protection** ``` ``` MedicSolution, a health tech company in Brazil, was targeted by the notorious[KillSec ransomware](https://www.darkreading.com/cyberattacks-data-breaches/killsec-ransomware-brazil-healthcare-software-provider)group in September. 8\. The threat actors have managed to steal over 34 GB worth of data. They are now threatening the health tech brand to fulfill their ransomware demand, or otherwise they will leak all the data on the dark web. The stolen data consists of over 94,000 files, including unredacted patient images, X-rays, details, and \*\* patient records of minors\*\* , and so much more. After a thorough investigation, they realized that the insecure \*\* AWS S3 buckets\*\* enabled the cybercriminals to creep into the systems of MedicSolution. Experts also feel that the attack must have taken place way back in the months. Because of this cyberattack, several other Brazilian healthcare centers are also at high risk, such as Clinica Especo Vida , Labclinic, Vita Exame, Laboratorio Alvaro, and Centro Diagnostico Toledo, among others. This is so because[MedicSolution](https://medicalbuyer.co.in/killsec-ransomware-attacks-medicsolution-in-brazil/)is a**software provider**that offers cloud storage facilities to different healthcare institutions and clinics so that they can carry out everyday operations with utmost ease. ![Aws s3 cyberattack](https://media.mailhop.org/phishprotection/images/2025/09/aws-s3-cyberattack.jpg) The ransomware attack has directly affected those patients whose \*\*personal details and medical records \*\* are listed on MedicSolution. Highly sensitive data, such as medical assessments, test results, and past medical history, has all been compromised - thanks to this breach. ### **Why are supply chain attacks a growing threat?** Cybersecurity experts believe that supply chains are a favorite target among[threat actors](/phishing-awareness/threat-actors-target-a-popular-donut-company-in-the-us). This is so because they are a treasure trove of data. The same data can be exploited to attack multiple targets conveniently. Such attacks enable cybercriminals to carry out large-scale data theft, leading to easy, random demands and**smooth payment diversions**. The connection between health tech providers and suppliers makes them highly suitable options for cybercrooks . ![Healthcare attack](https://media.mailhop.org/phishprotection/images/2025/09/healthcare-attack.jpg) Another reason why cybercrooks prefer supply chain attacks is the higher**degree of untraceability**. Such attackers can go untraced for a long time after the_[\_ cyberattack \_](/cybersecurity/the-uae-witnessing-a-staggering-surge-in-cyberattack-incidents)_, which helps them make the most out of their threat campaigns. What’s more concerning is the fact that the impacted patients have not yet been informed about the[ransomware attack](https://cybersecuritynews.com/plaintext-file-exposed-secrets/). Some of the researchers tried to get in touch with some of these patients and realized that the victims are completely unaware of the**cyber mishap**. Since they are in complete darkness about the incident, they are in no way prepared to safeguard themselves from any potential cyberattack or scam in the future. The Brazilian health tech company MedicSolution is not the sole target of the KillSec**ransomware group**. The latter claims that they have wiped out data from other[healthcare institutions](https://www.resecurity.com/blog/article/killsec-ransomware-is-attacking-healthcare-institutions-in-brazil)such as Columbia, the US, and Peru. All these have happened just a few days before the MedicSolution threat attack. ![Ransomeware attack](https://media.mailhop.org/phishprotection/images/2025/09/ransomeware-attack.jpg) Doctocliq, another healthcare software solutions provider, was targeted by the same ransomware group almost 30 days ago. This health tech company is based in Peru and offers**software solutions**to over 2500 health care organizations across 20 nations. The CEO of Resecurity, Gene Yoo, stated that KillSec was earlier a hacktivist collective. But now it has evolved into a cybercriminal group. The same name is used by so many independent**threat actors**and other cybercriminal groups. They carry out different types of cybercrimes such as ransomware operations,[DDoS attacks](https://thehackernews.com/2025/09/cloudflare-blocks-record-breaking-115.html), and so on. KillSec has been following a consistent pattern in its threat campaigns, largely centering on the misuse of exposed and vulnerable cloud resources. This tactic is becoming increasingly common across Brazil, where ongoing economic shifts and rapid digitization create a lucrative environment for**cybercriminals**. Yoo notes that cybercrooks are treating the region as especially profitable, which highlights the urgent need for stronger defenses, including[phishing protection](/), to reduce the impact of such attacks. The scenario is absolutely the same for the sudden surge of cybercrimes across South and Latin America. ![Phishpr info](https://media.mailhop.org/phishprotection/images/2025/09/phishpr-info.jpg) ### **Best practices to mitigate ransomware risks** > “over 90% of ransomware attacks begin with a phishing email ([Verizon 2024 Data Breach Investigations Report](https://www.verizon.com/business/resources/reports/dbir/)) email. Blocking the phishing email is the most effective ransomware prevention strategy available - it stops the attack at the earliest possible stage, before any malware reaches your network. Every ransomware incident we’ve investigated started with an email that should have been caught.” - **Vasile Diaconu**, Operations Lead, DuoCircle #### **Adopt proactive defense mechanisms** Experts believe that organizations must adopt strong defense mechanisms to steer clear of such threat risks. From gathering**cyber threat intelligence**to persistent threat monitoring, organizations must integrate[cyber hygiene](https://securelist.com/model-context-protocol-for-ai-integration-abused-in-supply-chain-attacks/117473/?web%5Fview=true)in their day-to-day operations. Special attention should be given to cyber threats from supply chain vendors and third-party service providers . #### **Implement cloud security monitoring** Cloud security monitoring helps identify data leaks and misconfigurations early on. #### **Leverage Attack Surface Management (ASM)** [Leveraging Attack Surface Management](https://www.sprocketsecurity.com/blog/leveraging-threat-intelligence-for-better-attack-surface-management)(ASM) is yet another strategy that helps enterprises detect and remediate any kind of vulnerabilities before a \*\* potential threat attack\*\* occurs. ![Cyber threat](https://media.mailhop.org/phishprotection/images/2025/09/cyber-threat-1.jpg) #### **Maintain digital asset visibility** Maintaining a constant digital watch over cloud services, servers, applications, and other assets enables the detection of weaknesses in advance, allowing for \*\* timely remediation \*\* and reducing the risk of intrusions. #### **Enforce access controls and data policies** Limit access to sensitive health data only to authorized personnel, obtain proper consent before processing[personal data](/announcements/cybersecurity-updates-for-the-week-17-of-2023), and implement strict**data protection policies**\_ . #### **Conduct regular cybersecurity training** Frequent_**training sessions**_help staff stay updated on evolving threats and best practices, strengthening the human element of defense. ![Threat group](https://media.mailhop.org/phishprotection/images/2025/09/threat-group-1.jpg) #### **Upgrade infrastructure and systems** Phasing out[outdated infrastructure](https://blog.american-technology.net/dangers-outdated-it-infrastructure/)and continually updating**cybersecurity systems**helps mitigate risks associated with advanced attack methods. ## Topics [ Phishing ](/tags/phishing/) ![Vishal Lamba](https://media.mailhop.org/phishprotection/images/authors/vishal-lamba.jpg) [ Vishal Lamba ](/authors/vishal-lamba/) Marketing Manager Marketing Manager at DuoCircle. Leads demand generation, lead generation, and content strategy across the email security product family. [LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m 13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"KillSec Ransomware targets Brazilian health tech company!","description":"KillSec Ransomware targets Brazilian health tech company!: https://media.mailhop.org/phishprotection/images/2025/09/KillSec-Ransomware-targets-Brazilian-healt.","url":"https://phishprotection.com/blog/killsec-ransomware-targets-brazilian-health-tech-company/","datePublished":"2025-09-18T06:50:48.000Z","dateModified":"2026-04-17T16:29:18.000Z","dateCreated":"2025-09-18T06:50:48.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://phishprotection.com/authors/vishal-lamba/","jobTitle":"Marketing Manager","description":"Vishal Lamba is the Marketing Manager at DuoCircle, leading demand generation and lead generation across the company's email security product family. He manages a content team producing how-to guides, vendor-specific configuration walkthroughs, and educational resources for DuoCircle's products including Phish Protection, AutoSPF, and DMARC Report. His work spans campaign strategy, content marketing, and translating technical email authentication concepts into actionable resources for IT administrators and security teams.","image":"https://media.mailhop.org/phishprotection/images/authors/vishal-lamba.jpg","knowsAbout":["Demand Generation","Lead Generation","Content Marketing Strategy","Email Security Marketing","Team Leadership"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/killsec-ransomware-targets-brazilian-health-tech-company/"},"articleSection":"foundational","keywords":"Phishing","wordCount":968,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2025/09/aws-s3-cyberattack.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"KillSec Ransomware targets Brazilian health tech company!","item":"https://phishprotection.com/blog/killsec-ransomware-targets-brazilian-health-tech-company/"}]} ```