A technical analysis of the BackMyData ransomware used to attack hospitals in Romania cybergeeks.tech/a-technical-…

A technical analysis of the BackMyData ransomware used to attack hospitals in Romania dlvr.it/T4Q9Q2 #cyber #threathunting #infosec

Interesting. The Romanian @DNSC_RO provides a very easy to use #YARA scan to detect ransomware infections of Phobos/Backmydata in healthcare / hospitals. Great example for others to follow. dnsc.ro/citeste/atac-ciberne… dnsc-ro.translate.goog/cites… #dfir #ioc

Análisis técnico del ransomware BackMyData,la cepa de ransomware utilizada para atacar hospitales rumanos cybergeeks.tech/a-technical-…

A technical analysis of the backmydata ransomware used to attack hospitals in Romania cybergeeks.tech/a-technical-…

#ThreatProtection #BackMyData - a #Phobos #Ransomware variant, read more about Symantec's protection: broadcom.com/support/securit… #Malware

A technical analysis of the BackMyData ransomware used to attack hospitals in Romania cybergeeks.tech/a-technical-…

I've reverse engineered the BackMyData ransomware that attacked hospitals across Romania last week. I've also included a list of indicators of compromise that can be used to detect the ransomware. cybergeeks.tech/a-technical-…

Ein Ransomware-Opfer bleibt selten allein: Die Angreifer #Backmydata #Lockbit #AlphV etc. spezialisieren sich zunehmend auf den Gesundheitssektor und andere kritische Infrastruktur, stärken Sie Ihre #Cyberdefense JETZT! heise.de/news/Ransomware-Ang… #KRITIS #Ransomware #CyberResilience

🗞️ Știrile săptămânii din #cybersecurity sunt aici: dnsc.ro/citeste/stirile-sapt… 🇷🇴 Un atac cibernetic de tip ransomware a afectat spitale din România 🪙 ALERTĂ: Backmydata Ransomware 🇫🇷 Datele a jumătate din populația Franței au fost furate în cel mai mare atac cibernetic

👨🏻‍🏫 Details and recommendations for the Backmydata ransomware attack which affected the activity of 26 Romanian hospitals (* press ENG button on the right for English version): dnsc.ro/citeste/alert-backmy… #DNSC #alert #ransomware #Romania #backmydata #phobos #awareness

👨🏻‍🏫 Detalii și recomandări în cazul atacului cu ransomware Backmydata care a afectat activitatea a 26 de spitale din România: dnsc.ro/citeste/alert-backmy… #DNSC #alert #ransomware #Romania #backmydata #phobos #awareness

🔒 Bitcoin Ransomware Takes Down 100 Romanian Hospitals Offline, Hackers Demand 3.5BTC 🔒 📰 By Sujha Sundararajan 🕙 Last updated: lúc 09:54 GMT 7 15 tháng 2, 2024 | 1 min read 📸 Source: Pete Linforth / Pixabay 💼 More than 100 hospitals in Romania were affected by a crypto ransomware attack on Tuesday, the National Cyber Security Directorate (DNSC) confirmed. The unidentified perpetrators have demanded 3.5 Bitcoin (BTC), or about $180,000, to decrypt the data. 🛡️ The ransomware took down over 100 hospitals, affecting their IT systems and encrypting data, forcing the hospitals to operate offline. 📝 Per a recent update from the DNSC, 25 hospitals in Romania using Hipocrate Information System (HIS) are directly affected by the attack. “As a result of the attack, the system is down, files and databases are encrypted,” the Ministry of Health noted. 🔍 “The incident is under investigation by IT specialists, including cyber security experts from the National Cyber ​​Security Directorate, and resumption possibilities are being assessed,” the Ministry added. However, it did not specify whether the authorities are ready to pay the ransom in Bitcoin, as demanded by attackers. 🛑 Dubbed ‘Backmydata’, the ransomware is a variant of Phobos malware family, that are distributed via hacked Remote Desktop (RDP) connections. The ransom note informs victim about the severity of the situation by threatening to sell confidential data if negotiations fail. The note also asserts that data can be returned only when the ransom is paid in digital assets. 🔐 Furthermore, hospitals in Romania are told to keep an eye on ransom demands to ensure evidence is preserved. 💰 Bitcoin Demands in Ransomware 🔍 This isn’t a new case where attackers have demanded Bitcoin ransom payment. The Backmydata has similarities with the infamous “WannaCry” attack in May 2017 on the UK’s National Health Service (NHS). 🌐 In 2021, Russian DarkSide Group attacked the US Colonial Pipeline, demanding a ransom of $5 million worth in crypto assets. Later, the US Department of Justice has recovered $2.3 million in Bitcoin from the DarkSide (approximately 63.7BTC at that time). 📈 Additionally, a recent report from Chainalysis noted that ransomware payments hit a staggering $1 billion in 2023. Notable victims included household names like the BBC and British Airways, and other high-profile institutions. Is this conversation helpful so far?

cibernetic cu ransomware Backmydata/Phobos (Clinica Sante, Călărași) 🔗 Detalii pe site: dnsc.ro/citeste/atac-ciberne… #DNSC #cyberattack #ransomware #update #healthcare #Romania

🏥 ACTUALIZARE incident cibernetic cu ransomware Backmydata/Phobos (14.02.2023) •Un nou spital pe lista entităților afectate: Spitalul de Boli Cronice Smeeni •Obligații legale de raportare a incidentelor conform Legii 362/2018 •Corecție privind impactul incidentului

🏥 UPDATE Backmydata/Phobos ransomware incident •A new hospital on the list of affected entities: Smeeni Chronic Diseases Hospital •Legal Reporting Obligations according to Law 362/2018 •Correction regarding the impact of the cyber incident with Backmydata/Phobos

Alte cinci #spitale din #România care folosesc platforma informatică Hipocrate au fost afectate de #atacul #cibernetic executat cu aplicaţia ransomware Backmydata, numărul unităţilor prejudiciate ajungând astfel la 26. (1/2)

BackMyData ransomware; Phobos ransomware family; Extension: .backmydata (also appends filenames with victim's unique ID and developers' email address); Ransom notes: info.txt and info.hta virustotal.com/gui/file/396a… @LawrenceAbrams @demonslay335 @struppigel @JakubKroustek

DNSC says the attackers used Backmydata ransomware to encrypt the hospitals’ data, a ransomware variant from the Phobos family. Most of the affected hospitals have recent backups, except one whose data was saved 12 days ago.

nooooo my babe is going home. #bring backmydata #IdolsSA