Romanian police bust hackers allegedly plotting ransomware attacks on hospitals

The hackers reportedly planned to threaten hospitals with malware to protest Romania’s state of emergency amid COVID-19.
romania ransomware
The hackers reportedly planned to threaten hospitals to protest Romania’s state of emergency, which has restricted public gatherings during the COVID-19 pandemic. (Getty Images)

Romanian authorities said Friday they had disrupted a cybercriminal group that planned to conduct ransomware attacks on hospitals in the country.

The hackers intended to pose as government officials and send malicious emails to public health institutions that purported to contain information on the coronavirus, according to the Directorate for Investigating Organized Crime and Terrorism (DIICOT), one of Romania’s top law enforcement agencies. Such ransomware attacks could disrupt the IT systems of hospitals, DIICOT said.

But before that could happen, police and security officials said they searched the suspects’ properties in Romania and neighboring Moldova. All four suspects were arrested, ZDNet reported.

The hackers planned to threaten hospitals to protest Romania’s state of emergency, which has restricted public gatherings during the COVID-19 pandemic, according to Romanian news outlet Stirile Pro Tv.


The threat of attacking hospitals would be a much more serious crime than the website defacements and other low-skill digital mischief usually associated with the Romanian hacking group, known as Pentaguard. According to Romanian authorities, the hackers sought to use ransomware related to Locky or Bad Rabbit, strains of code that originated in Eastern Europe and have plagued multiple organizations in recent years.

The incident in Romania is the latest example of how hackers have targeted health care organizations as coronavirus spreads around the world.

After unidentified hackers disrupted the IT systems of the Czech Republic’s second largest hospital in March, governments and international bodies warned of the threat to public health. Interpol said it had “detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.” Governments, including the U.S. and its allies, have condemned the cyberattacks on the health care sector, which have nonetheless continued.

Cybersecurity professionals around the world have responded by volunteering their time to try to fend off hacking against medical organizations.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts