Romania’s Directorate for Investigating Organized Crime and Terrorism (DIICOT) on Friday announced in a press release that they arrested a cybercriminal group who were planning to launch ransomware attacks against healthcare institutions and hospitals in the country.
Three hackers were arrested in Romania, while the fourth one was arrested in the Republic of Moldova, after their homes were searched.
According to DIICOT, the cybercriminal group of 4 people was formed at the beginning of 2020, who operated online under the name “PentaGuard” to carry out crimes specific to cybercrime. Contrary to what DIICOT said, some members of the PentaGroup have been around since 2000, when they were engaged in website defacement of numerous government and military websites, including Microsoft’s Romanian website.
The members of the group owned file-encrypting malware, remote access trojans (RATs) and ransomware, tools to perform website defacements, and exploit SQL injection vulnerabilities.
DIICOT added that the hackers had plans to launch “ransomware” attacks to infect the digital infrastructure of some public health institutions in Romania, generally hospitals in the near future, by leveraging a malicious executable application, from the “Locky” or “BadRabbit” (computer virus) families, hidden in an e-mail and in the form of a file pretending to be from government institutions sending COVID-19 information.
After infecting the computers, the hackers planned to encrypt files, and disrupt hospital activity. However, DIICOT with the help of Romania’s Secret Service Agency (SRI) was able to catch all the members before they could launch attacks on hospitals.
Romanian media reported, citing DIICOT sources, that the hackers were planning to attack hospitals to protest against the country-wide restrictions imposed on public gatherings due to the COVID-19 pandemic.
While suspected group members’ names are still not disclosed by authorities, the arrested individuals are currently in detention.