Over 100 Hospitals in Romania Hit by Crypto Ransomware Attack

Table of Contents

• Attack Encrypts Patient Data, Forces Hospitals to Operate Offline
• Attackers Demand Approximately $180,000 in Bitcoin
• At Least 25 Hospitals Using Affected Information System
• Hospitals Advised to Preserve Evidence

Attack Encrypts Patient Data, Forces Hospitals to Operate Offline

On Tuesday, over 100 hospitals in Romania were hit by a major cryptocurrency ransomware attack that encrypted data and affected IT systems, forcing the hospitals to temporarily operate offline and manually.

Attackers Demand Approximately $180,000 in Bitcoin

The attackers demanded a ransom of 3.5 Bitcoin (BTC), approximately $180,000 at current exchange rates, in order for the data to be decrypted and restored. The Romanian National Cyber Security Directorate (DNSC) officially confirmed the major impact of the attack.

The ransomware attack continues to worsen, with 21 hospitals confirming that their computers had been encrypted up to the point of this article’s publication. A children’s hospital in the city of Piatra Neamt was reportedly the first facility attacked, before the malware spread to an additional 79 medical facilities across Romania.

At Least 25 Hospitals Using Affected Information System

According to reports, at least 25 hospitals using the Hipocrate Information System (HIS) have been directly affected by the major ransomware attack. The DNSC and IT experts are currently investigating the attack to determine its full extent and impact.

The Romanian Ministry of Health has yet to disclose whether it will pay the ransom demanded by the attackers in order to regain access to the encrypted data and IT systems.

The ransomware strain involved in this attack, dubbed ‘Backmydata’, is reportedly a variant of the Phobos ransomware malware family, known to be distributed via compromised Remote Desktop (RDP) connections. The ransom note threatens to sell confidential patient data and states that data restoration is only possible upon paying the ransom demand in cryptocurrency.

Hospitals Advised to Preserve Evidence

Hospitals affected by the attack are being advised to closely monitor any ransom demands in order to preserve evidence that could aid law enforcement investigations. Historical examples such as the ransomware attack against the U.S. Colonial Pipeline by the DarkSide Group in 2021, which demanded $5 million in crypto assets with the U.S. DOJ eventually recovering $2.3 million in Bitcoin, have been cited.

A recent report by Chainalysis highlighted that ransomware payments reached $1 billion in 2023, citing major attacks against entities such as the BBC and British Airways, among others.

The post Over 100 Hospitals in Romania Hit by Crypto Ransomware Attack appeared first on Althalla.