CHwapi hospital in Belgium suffered a cyberattack that forced the facility to divert emergency patients to other hospitals and postpone surgeries.
The attackers used Windows BitLocker to encrypt 40 servers and 100TB of data. After encrypting the devices, the attackers say, they left ransom notes named ransom.txt on the domain controllers and backup servers.
“We attack chwapi hospital in Belgium 2 days ago. and set up a ransom note on servers. but the IT management team not give this information to hospital management. hospital management makes a press release and said there is no ransom note, but this is a lie. something is going on,” the attackers wrote in an email.
This group uses off-the-shelf software, such as Windows BitLocker and DiskCryptor, to encrypt files and lock access to disk partitions with a password. The attackers said that they do not encrypt every device on the network and target only servers holding large amounts of data, such as file servers and backup servers.
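A defender can hunt for the behaviour described above (legitimate disk-encryption tools run on servers, plus a ransom.txt drop) with a few simple rules. The sketch below is an added example, not part of the original report: the event tuples, role labels and severity scheme are constructed for illustration, and the DiskCryptor binary names (dcrypt.exe, dccon.exe) are assumed from a standard install.

```python
import re

# Constructed sample events (not from the incident): (host, role, image, detail)
EVENTS = [
    ("FS01", "file-server", "manage-bde.exe", "manage-bde -on D: -pw"),
    ("WS17", "workstation", "manage-bde.exe", "manage-bde -status"),
    ("BK02", "backup-server", "dccon.exe", "dccon.exe"),
    ("DC01", "domain-controller", "file-create", r"C:\ransom.txt"),
    ("FS01", "file-server", "robocopy.exe", r"robocopy D:\share E:\share"),
    ("BK02", "backup-server", "manage-bde.exe", "manage-bde -protectors -add E: -pw"),
]

# Hypothetical role labels for the server classes the article says are targeted.
SERVER_ROLES = {"file-server", "backup-server", "domain-controller"}

# manage-bde switches that change encryption state or add a protector;
# read-only calls such as -status are deliberately not matched.
BDE_CHANGE = re.compile(r"(?i)(?:^|\s)[-/](?:on|lock)\b|[-/]protectors\s+[-/]add\b")

# Assumed DiskCryptor executable names (GUI and console).
DISKCRYPTOR_IMAGES = {"dcrypt.exe", "dccon.exe"}


def classify(image, detail):
    """Return a rule name for a suspicious event, or None if it looks benign."""
    image = image.lower()
    if image == "manage-bde.exe" and BDE_CHANGE.search(detail):
        return "bitlocker-change"
    if image in DISKCRYPTOR_IMAGES:
        return "diskcryptor-run"
    if image == "file-create" and re.split(r"[\\/]", detail)[-1].lower() == "ransom.txt":
        return "ransom-note"
    return None


def detect(events):
    """Return (host, rule, severity) alerts; server roles are rated high."""
    alerts = []
    for host, role, image, detail in events:
        rule = classify(image, detail)
        if rule:
            severity = "high" if role in SERVER_ROLES else "medium"
            alerts.append((host, rule, severity))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Because BitLocker is also used legitimately, such alerts are most useful when correlated with change records for the servers involved.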
Of the hospital center’s 300 servers, 80 were affected by the attack, forcing staff and nurses to abandon computerized records and turn to pen and paper for patient assessments. Patient data was not compromised, according to CHwapi.
The group’s ransom notes contain a Bitmessage ID that can be used to negotiate a ransom. The group states that it is not part of a Ransomware-as-a-Service (RaaS) operation and does not steal or leak data. Some ransomware groups have said that they will try not to encrypt hospitals and will provide a free decryptor if one is encrypted.
The hospital has completely cut off communications with the outside world. Authorities said any patients affected by hospital service interruptions will be informed by phone, where possible.
While the hospital’s services are gradually recovering and surgical operations have resumed, CHwapi continues to cancel some services and divert urgent cases to other hospitals.