Maoloa (virus racketeer)

2019: Attack of four Romanian hospitals

At least four hospitals in Romania at the end of June, 2019 endured the attack of a virus racketeer which, according to intelligence agencies of the country (Romanian Intelligence Service), was carried out by the Chinese hackers.

According to the Healthcare IT News portal with reference to the statement of prospecting body of Romania, the preliminary analysis showed that any antivirus could stop the malware. But, most likely, malefactors used a method of social engineering (deception of users), but not vulnerability of computer systems.

4 hospitals were paralyzed because of the attack of a virus racketeer

According to the Romanian center for national cyber security and response to CERT-RO incidents, medical institutions were attacked by viruses under the name Maoloa and Phobos. It was confirmed also by cybersecurity companies Cyberint and Bitdefender.

Experts say that Maoloa extends through e-mails with the infected attached files and also hackers who got access to the unprotected virtual machines working within Remote Desktop Protocol. After infection of the Maoloa system ciphers the files created using a packet of Office and OpenOffice and also the documents PDF, text files, databases and multimedia files. As for Phobos, it extends mainly manually after cracking.

The Minister of Health of Romania of Sorina Pintea told journalists that attack of hackers paralyzed work of hospital. In particular, problems with acceptance and the statement of patients began. She also reminded that similar cyber attacks to medical institutions in the country already happened: in 2017 paid malefactors the redemption in the amount of 10 thousand euros for data recovery after infection with the malware of computers of hospital in the city of Sigetu-Marmatsiyey. CERT-RO says that the companies should not pay hackers.^[1]

Notes