More than 100 Romanian hospitals were taken offline this month after a ransomware group attacked their IT systems, encrypted data, and demanded a bitcoin ransom worth $174,000, according to the country’s National Cyber Security Directorate (DNSC).
The DNSC revealed that 25 hospitals using the Hipocrate Information System (HIS) have been directly impacted, while computers in another 79 have been taken offline as authorities figure out the scale of the attack.
The Romanian security agency claims it doesn’t know who attacked the system, but says the ‘Backmydata’ ransomware application, a variant of Phobos ransomware, was used to encrypt data from the affected hospitals.
The DNSC said, “Both the Directorate and other cyber security authorities involved in the analysis of this incident RECOMMEND that the attackers are NOT contacted and the requested ransom is not paid!”
Romanian hospitals have been told to keep tabs on any ransom demands from the attackers, not to shut down the systems to ensure evidence is preserved and to perform a system cleanup before restoring systems using secure, up-to-date backups.
The DNSC added that there’s “no indication” that any data has been stolen.