The attack has escalated rapidly, with 21 hospitals already experiencing encrypted computers. The initial target was a children’s hospital, but the ransomware has since spread to 79 other medical facilities, forcing them to disconnect from the communication networks.
Romania’s ongoing hospital ransomware attack is getting worse. Cyber security centre said last night that 21 hospitals have had computers encrypted. A children’s hospital was the first to get hit but now it’s spread. Computers in 79 other medical facilities have been unplugged pic.twitter.com/rdsX31VhFd
— Joe Tidy (@joetidy) February 13, 2024
Medical institutions using the Hipocrate information system (HIS) were primarily affected, with 25 inpatient hospitals reporting direct impact from the cyber extortionists. Additionally, another 79 hospitals had to disconnect their computers from the networks to prevent further damage.
According to experts at the Romanian cybersecurity agency, the attackers used a variant of the Phobos ransomware called Backmydata to encrypt the data in the affected medical institutions. DNSC has advised hospital administrators not to turn off infected computers and to disregard the hackers’ ransom demands.
It is worth noting that last year, analysts at Chainalysis reported a 40% decrease in criminals’ revenue from ransomware. This decline was attributed to improved computer security measures and victims’ reluctance to pay ransoms.