Bitcoin Ransomware Paralyzes 100 Romanian Hospitals, Hackers Demand 3.5BTC

Authorities in Romania have confirmed that a ransomware attack targeting the Hipocrate Information System (HIS) has resulted in significant disruptions to medical services, impacting at least 100 hospitals.

The HIS platform, crucial for managing medical and administrative tasks within healthcare institutions, fell victim to the cyberattack on February 11. The attackers encrypted data stored on production servers, rendering essential systems inaccessible.

JUST IN: #Bitcoin Ransomware Paralyzes 100 Romanian Hospitals, Hackers Demand 3.5BTC 🇷🇴.

— Coinwaft (@coinwaft) February 14, 2024

Acknowledging the severity of the attack, the Romanian Ministry of Health stated that the number of affected hospitals initially stood at 21 but later escalated to 25. Additionally, 79 hospitals proactively shut down their systems to prevent further compromise.

The ransomware variant employed by the threat actors is a strain of the Phobos ransomware family, known as Backmydata ransomware. The attackers are demanding a ransom payment of 3.5 BTC (approximately 157,000 EURO) for decryption keys.

Romania Government’s Response and Preventive Measures

In response, cybersecurity specialists, including experts from the National Cyber Security Directorate, have been mobilized to assess the situation. The Romanian government has implemented extraordinary preventive measures to safeguard unaffected hospitals and mitigate the impact of the incident.

The Directorate for Special Telecommunications and Information Security (DNSC) has issued recommendations to hospitals utilizing the HIPOCRATE platform, advising them on best practices for managing the aftermath of the attack. These measures include identifying affected systems, preserving evidence, notifying stakeholders, and restoring systems from secure backups.

Read Also: Hackers Exploit Windows Tool to Deploy Crypto-Mining Malware

Concerns persist regarding the potential exfiltration of sensitive data by the threat actors. It remains uncertain whether the attackers have accessed or stolen confidential information from the compromised organizations.

This cyberattack underscores the growing threat posed by cybercriminals targeting critical infrastructure, particularly in the healthcare sector.

With hospitals already grappling with the challenges posed by the ongoing pandemic, such incidents further highlight the urgent need for robust cybersecurity measures and proactive defense strategies to safeguard vital services and patient data.