Police Catch Suspects Planning #COVID19 Hospital Ransomware

Police in Europe have swooped on a cybercrime gang they suspect of planning ransomware attacks using COVID-19 lures against hospitals.

The four-man “Pentaguard” group was formed at the start of the year, according to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT).

It amassed tools including ransomware, remote access trojans (RATs), and SQL injection tools to launch attacks against public and private sector organizations with the aim of stealing data, defacing websites and encrypting key systems.

“They intended to launch ransomware attacks, in the near future, on some public health institutions in Romania, generally hospitals, using social engineering by sending a malicious executable application, from the Locky or BadRabbit families, hidden in an e-mail and in the form of a file that apparently would come from other government institutions, regarding the threat of COVID-19,” the DIICOT update explained.

“Through this type of attack, there is the possibility of blocking and seriously disrupting the functioning of the IT infrastructures of those hospitals, part of the health system, which plays a decisive role at this time, to combat the pandemic with the new coronavirus.”

Officers carried out three house searches in Romania and one in neighboring Moldova.

Hospitals around the world have been under constant attack over the past few weeks as ransomware gangs try to take advantage of the current pandemic to put pressure on their victims to pay.

Microsoft warned recently that many of these attacks were detected using APT-style techniques such as exploitation of a VPN or remote access vulnerability, followed by reconnaissance, privilege escalation and lateral movement.

In April, INTERPOL was forced to issue a Purple Notice to all of its 194 member countries about the cyber-threat to hospitals and other front-line organizations.

What’s Hot on Infosecurity Magazine?