Tag Archive for: Romanian

Bitcoin Ransomware Takes Down 100 Romanian Hospitals Offline


Sujha Sundararajan


More than 100 hospitals in Romania were affected by a crypto ransomware attack on Tuesday, the National Cyber Security Directorate (DNSC) confirmed. The unidentified perpetrators have demanded 3.5 Bitcoin (BTC), or about $180,000, to decrypt the data.

The ransomware took down over 100 hospitals, affecting their IT systems and encrypting data, forcing the hospitals to operate offline.

Per a recent update from the DNSC, 25 hospitals in Romania using Hipocrate Information System (HIS) are directly affected by the attack. “As a result of the attack, the system is down, files and databases are encrypted,” the Ministry of Health noted.

“The incident is under investigation by IT specialists, including cyber security experts from the National Cyber Security Directorate, and resumption possibilities are being assessed,” the Ministry added. However, it did not specify whether the authorities are ready to pay the ransom in Bitcoin, as demanded by attackers.

Dubbed ‘Backmydata’, the ransomware is a variant of the Phobos malware family, which is distributed via hacked Remote Desktop (RDP) connections. The ransom note informs the victim about the severity of the situation by threatening to sell confidential…


Ransomware attack knocks 20 Romanian hospitals offline: Report


A ransomware attack on Hipocrate Information System (HIS), used by hospitals to manage medical activity and patient data, impacted at least 21 hospitals in Romania, forcing them offline.

The attack, launched over the weekend, targeted the production servers running the HIS information system, resulting in the system’s database being encrypted.

The incident, currently under investigation, impacted various hospitals across Romania, including regional and cancer treatment centers, a report from Bleeping Computer said.

There is no information on what ransomware operation targeted the hospitals’ system or whether patients’ personal or medical data was stolen. Romania’s National Cyber Security Directorate (DNSC) is currently investigating the cyber incident.


Technological advancements in the healthcare industry like remote health monitoring, electronic health records and the Internet of Things (IoT) have provided cybercriminals with more opportunities to attack the sector.


Attacks on the healthcare sector have also impacted India, with the country registering the second-highest number of attacks on the sector in 2022.

Attacks on hospitals could lead to sensitive data being exposed to threat actors. This data can then be used to perform digital identity theft, online banking thefts, tax frauds and other financial crimes.


Romanian Malware Hosting Vendor Extradited to US


Mihai Paunescu, aka Virus, Faces 3 Criminal Counts in Court

Mihai Paunescu after his detention in Colombia (Photo courtesy of the Office of the Attorney General of Colombia)

A Romanian man accused of managing the digital infrastructure behind a banking Trojan that stole tens of millions of dollars now finally faces trial in the United States after his extradition from South America.


Federal authorities yesterday presented Mihai Ionut Paunescu, aka Virus, in Manhattan federal court a year after Colombian authorities detained the fugitive in a Bogota airport. Romanian authorities arrested Paunescu in 2012 but released him on bail. A U.S. grand jury returned a three-count indictment against him in 2013. If convicted on all charges – conspiracy to commit bank fraud, wire fraud and computer intrusion – the 37-year-old faces a maximum of 60 years imprisonment.

Paunescu offered cybercriminals so-called “bulletproof hosting,” including a command-and-control server for the Gozi malware that during the early 2000s infected more than 1 million computers. Among them were 60 computers belonging to NASA, through which thieves stole about $19,000.

His business model was to rent servers and network connectivity from legitimate providers and sublease the infrastructure to other cybercriminals. Other malware Paunescu is accused of facilitating include the Zeus and SpyEye Trojans. He also allegedly allowed his criminal clientele to execute DDoS attacks by hosting the BlackEnergy bot toolkit.

Paunescu kept a database to manage his server subleasing operation that included labels such as “zeus 100%SBL” and “100%SBL malware.”

The indictment shows he helped clients evade detection by law enforcement agencies by scanning lists of suspicious or untrustworthy IP addresses maintained by the Spamhaus Project. In case of a match, he relocated his…


Romanian man extradited to US over Gozi virus hacking charges


A dual Romanian and Latvian national has been extradited to the US from Colombia for allegedly running a “bulletproofing hosting” service that enabled cyber criminals to distribute the Gozi virus.

Mihai Ionut Paunescu, 37 years old and also known as Virus, also allegedly enabled other cyber crimes, such as distributing malware like Zeus Trojan and SpyEye Trojan, initiating and executing distributed denial of service (DDoS) attacks, and transmitting spam, said federal attorneys yesterday.

The Gozi virus, first discovered in 2007, is malware that stole personal bank account information, including usernames and passwords, from users of affected computers, according to allegations in documents filed in Manhattan federal court. The virus infected over one million computers worldwide, including around 40,000 in the US, some of which belonged to NASA.

It caused tens of millions of dollars in losses to individuals, businesses, and governments whose computers were infected. Once installed, Gozi would collect data from the infected computer to capture personal bank account information which was then transmitted to various computer servers controlled by criminals who used the virus. They would then use the personal information to transfer funds out of victims’ bank accounts and into their possession.

“Bulletproof hosting” services helped cyber criminals to distribute the Gozi Virus with little fear of detection by law enforcement, said federal attorneys. Bulletproof hosts provided cyber criminals with critical online infrastructure they needed, including IP addresses and computer servers, in a manner designed to enable them to preserve their anonymity.

Paunescu allegedly rented servers and IP addresses from legitimate internet service providers and then rented these to cyber criminals. He also provided servers which were used as command-and-control servers to conduct DDoS attacks and monitored IP addresses he controlled to determine if they appeared on a special list of suspicious or untrustworthy IP addresses. Lastly, Paunescu also relocated his customers’ data to different networks and IP addresses to avoid being blocked as a result of private security or law enforcement…
