Bitcoin Ransomware Paralyzes Romanian Hospitals: What’s Next?

A Bitcoin ransomware attack has targeted hospitals across Romania, according to reports in local media. The ransom demand is 3.5 BTC, worth approximately $173,000 at current prices. 

As many as a hundred hospitals across Romania have taken their systems offline following a ransomware attack targeting their healthcare management system.

Bitcoin Ransomware Demands

According to reports in local media, the ransom demand message does not specify a group claiming responsibility for the attack. Just an e-mail address was provided. 

The hackers targeted the Hipocrate Information System (HIS) used by hospitals to manage medical activity and patient data. Moreover, they took the system offline after encrypting its database.

Furthermore, the attackers have already been confirmed to have encrypted the data of 25 hospitals. An additional 75 other healthcare facilities using HIS have also taken their systems offline as a precautionary measure, according to reports.

Authorities recommend not contacting or paying the attackers. Additionally, affected hospitals were advised to isolate systems, keep evidence, restore from backups, and update software. 

“After 400 computers and servers were shut down, we worked mostly on paper,” said Regional Institute of Oncology manager Mirela Grosu. The Romanian Ministry of Health said:

“The incident is under investigation by IT specialists, including cybersecurity experts from the National Cyber Security Directorate (DNSC), and the possibilities for recovery are being assessed. Exceptional precautionary measures have also been activated for the other hospitals not affected by the attack.”

Read more: 15 Most Common Crypto Scams To Look Out For

The DNSC added that the attackers used “Backmydata” ransomware, a variant from the Phobos malware family, to encrypt the hospitals’ data.

Furthermore, the malware usually infects systems by exploiting flaws in Remote Desktop Protocol (RDP) services. These include weak login credentials.

Ransomware involves deploying malware that restricts access to computer systems or data and demanding ransom, usually in crypto, for its release.

BTC Demands

Nevertheless, Bitcoin demands in ransomware attacks are not new. In September, the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) published a report detailing the increase in ransomware attacks.

In May 2017, the UK’s National Health Service (NHS) faced a huge ransomware threat. This was known as the infamous “WannaCry” attack, which disrupted hospitals nationwide.  

According to an Immunefi report in 2023, the top ten ransom payments globally amounted to nearly $70 million in BTC. The report noted that Russian hacking collectives predominantly deploy the malware. However, nobody has claimed credit for the Romanian attack yet.

The Russian-based DarkSide Group was behind the 2021 Colonial Pipeline attack that crippled fuel supplies across the East Coast of the US.