On Tuesday, the National Cyber Security Directorate (DNSC) of Romania confirmed that more than 100 hospitals in the country fell victim to a crypto ransomware attack. The perpetrators, who remain unidentified, have demanded a ransom of 3.5 Bitcoin (BTC), equivalent to approximately $180,000, in exchange for decrypting the compromised data.
The ransomware attack crippled the IT systems of over 100 hospitals, causing disruption to their operations as data was encrypted, forcing them to function offline.
According to the latest update from DNSC, 25 hospitals in Romania utilizing the Hipocrate Information System (HIS) were directly impacted by the attack. The Ministry of Health said the incident took the system offline and left files and databases encrypted.
The Ministry stated, “The incident is currently under investigation by IT specialists, including cyber security experts from the National Cyber Security Directorate. Assessment of potential recovery options is underway.” However, it did not disclose whether authorities are considering complying with the ransom demands in Bitcoin.
The ransomware, identified as ‘Backmydata’, is a variant of the Phobos malware family and is typically disseminated through compromised Remote Desktop (RDP) connections. The ransom note issued by the attackers emphasizes the seriousness of the situation, threatening to auction off confidential data if negotiation fails. It also stipulates that data decryption will only be possible upon payment of the ransom in digital currency.
Additionally, hospitals in Romania have been advised to closely monitor any ransom demands to ensure the preservation of evidence.
Bitcoin Demands in Ransomware
This incident is not isolated, as it bears resemblance to previous instances where attackers demanded Bitcoin ransom payments. The ‘Backmydata’ ransomware attack shares similarities with the notorious “WannaCry” attack that targeted the UK’s National Health Service (NHS) in May 2017.
In 2021, the Russian DarkSide Group orchestrated an attack on the US Colonial Pipeline, demanding a ransom of $5 million worth of cryptocurrency. Subsequently, the US Department of Justice managed to recover $2.3 million in Bitcoin from DarkSide, equivalent to approximately 63.7 BTC at the time.
Furthermore, a recent report from Chainalysis revealed that ransomware payments surged to an alarming $1 billion in 2023. Among the notable victims were well-known entities such as the BBC, British Airways, and various other high-profile institutions.