More than 100 Romanian hospitals offline after bitcoin ransom demand

More than 100 Romanian hospitals were taken offline this month after a ransomware group attacked their IT systems, encrypted data, and demanded a bitcoin ransom worth $174,000, according to the country’s National Cyber Security Directorate (DNSC).

The DNSC revealed that 25 hospitals using the Hipocrate Information System (HIS) have been directly impacted, while computers in another 79 have been taken offline as authorities figure out the scale of the attack.

Romania's ongoing hospital ransomware attack is getting worse. Cyber security centre said last night that 21 hospitals have had computers encrypted. A chidren's hospital was the first to get hit but now it's spread. Computers in 79 other medical facilities have been unplugged pic.twitter.com/rdsX31VhFd

— Joe Tidy (@joetidy) February 13, 2024

Read more: Bitcoin ransomware gang claims to have hacked major UK water provider

The Romanian security agency claims it doesn’t know who attacked the system, but says the ‘Backmydata’ ransomware application, a variant of Phobos ransomware, was used to encrypt data from the affected hospitals.

The DNSC said, “Both the Directorate and other cyber security authorities involved in the analysis of this incident RECOMMEND that the attackers are NOT contacted and the requested ransom is not paid!”

Romanian hospitals have been told to keep tabs on any ransom demands from the attackers, not to shut down the systems to ensure evidence is preserved and to perform a system cleanup before restoring systems using secure, up-to-date backups. 

The DNSC added that there’s “no indication” that any data has been stolen.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.