Ransomware Attack Forced 100 Romanian Hospitals to Go Offline

 

Hospitals are still being victims of ransomware attacks.

On the night of February 11-12, 2024, a ransomware attack impacted 25 hospitals in Romania, disrupting their online health services. As a precaution, another 75 hospitals took their systems offline, bringing the total affected hospitals to 100.

Fortunately, the hospitals had working backups and were able to restore their systems and data to a state from 3 days before this attack.

Hospitals are classified as critical infrastructure, yet they remain more vulnerable among other crititical infrastructures.

Managers in the critical infrastructure sectors DO have to be aware of that cyber threats are real and that cyber attacks can cause serious damage to the environment and also to the society.

DO NOT think that cybersecurity is a waste of time or waste of budget or just an unnecessary paperwork. Do not wait for a cyber attack to realize it.

https://bit.ly/3V5q9AT

"100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system."

"'During the night of 11-12 February 2024, a massive ransomware cyber-attack targeted the production servers running the HIS information system. As a result of the attack, the system is down, files and databases are encrypted,' the Romanian Ministry of Health said."

"'Most of the affected hospitals have backups of data on the affected servers, with data saved relatively recently (1-2-3 days ago) except one, whose data was saved 12 days ago,' DNSC said.

The attackers have sent a ransom demand of 3.5 BTC (roughly €157,000)..."

"Since the systems were taken offline or shut down, doctors have been forced to return to writing prescriptions and keeping records on paper."

Chinese Hackers Infect Dutch Military Network

 

Why do you have to have to a solid vulnerability and patch management processes?

Well? The answer is quite easy: To avoid being hacked.

A part of Dutch military network was hacked by Chinese hackers using a FortiGate firewall vulnerability which was first detected in October 2022. (CVE-2022-42475 FortiOS SSL-VPN) The damage was limited due to the network segmantation in the network design.

https://bit.ly/3uwhqN7

"A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands."

"During the follow-up investigation, a previously unknown malware strain named Coathanger, a remote access trojan (RAT) designed to infect Fortigate network security appliances, was also discovered on the breached network."

"Even fully patched FortiGate devices may therefore be infected, if they were compromised before the latest patch was applied.

The malware operates stealthily and persistently, hiding itself by intercepting system calls to avoid revealing its presence. It also persists through system reboots and firmware upgrades."

"While the attacks weren't attributed to a specific threat group, MIVD linked this incident with high confidence to a Chinese state-sponsored hacking group and added that this malicious activity is part of a broader pattern of Chinese political espionage targeting the Netherlands and its allies."

"'For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China,' said Defense Minister Kajsa Ollongren."

Cyber Attack To A Children's Hospital in Chicago

Criticial infrastrucutures are under cyber attack risk but most of the people are not aware of this reality who work in this area. And as a result, we see more and more criticial infrastructure attacks.

These hackers are so ruthless so that they can attack even a children's hospital. So the potential victims DO have to be aware of that and take enough actions against these sick people.

Cyber threats are real and can cause painful social damage if they will be successful against the critical infrastructures.

Well yet another hospital and another victim of cyber attacks. This time in Chicago - USA. Being held twice in a week and it being a children's hospital made it worse.

https://www.theregister.com/2024/02/05/lurie_childrens_hospital_cyberattack/?is=5a5d7ed30c1b46eb1c21fcf1e6c51b4c49dc532ddd4c930a7f4472ce34fe37c3

"For the second time in one week, cybercriminals have targeted a Chicago children's hospital, this time causing significant operational disruption."

"Email, phone, and internet services are unavailable at the hospital, and according to local news, young patients have been unable to attend scheduled appointments for six days and counting."

"Some patients with scheduled elective surgeries have also had their appointments pushed back or canceled. Others say ultrasound systems were down and prescriptions were being handled using analog, pen-and-paper methods."

"The healthcare sector has long been a primary target for cybercriminals for many reasons,..."

The Developer of Trickbot Malware Is Sentenced For 5 Years

 Another cyber criminal is arrested for having infected some hospitals in USA.

The individual, extradited from South Korea in 2021, is sentenced to five years in prison for developing the Trickbot malware.

The Trickbot malware caused tens of millions of dollars in losses in USA.

https://bit.ly/3ukR1Sj

"A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses."

"Dunaev also confessed to writing code used to steal secrets from infected computers. Between October 2018 and February 2021 alone, the crew defrauded victims out of more than $3.4 million, the court documents claim.

According to the UK National Crime Agency, the gang has extorted at least $180 million (£145 million) from people and organizations worldwide."