Attempted crypto ransomware attack on Witting Hospital servers

The Romanian Intelligence Service (SRI) announced today having investigated together with the National Cyber Security Incident Response Team CERT-RO and the Witting Bucharest Clinical Hospital a Phobos crypto ransomware attack on the servers of the health care facility. According to a SRI release, after encryption of the data, the attackers requested a ransom to unlock it, yet the hospital did not follow suit. The system breach did not interrupt the hospital's current activity which continued based on offline backups. This attack is similar to the one in the summer of 2019, when four Romanian hospitals had their activity disrupted by a Phobos attack as the lack of adequate antivirus tools had left their IT&C infrastructure vulnerable to such malware. Phobos is a medium complexity ransomware that mainly uses Remote Desktop Protocol connections to infect computer systems. CYBERINT National Center and CERT-RO experts recommend the implementation of due policies and security measures to keep ransomware attacks at bay. AGERPRES (RO - Eusebi Manolache, editor: Georgiana Tanasescu; EN - editor: Simona Klodnischi)