The PentaGuard hackers are from Romania.
The latest press release of the Romanian Organized Crime and Terrorism Bureau (DIICOT) revealed a surprising set of details about hackers who aimed to use ransomware to attack Romanian health institutions and hospitals.
DIICOT announced the arrest of four members of the organization, which has operated as the PentaGuard Hackers Crew since 2000. Three people were arrested in Romania and the fourth in the Republic of Moldova.
According to reports, the directorate obtained search warrants against the four threat actors and identified several computers storing various hacking tools. The organization was reportedly planning to infect the digital infrastructure of medical organizations and hospitals with ransomware by sending malicious emails disguised as messages from government agencies.
The email would contain a file that, although it promised exclusive information about the COVID-19 pandemic, would instead launch the ransomware. After infecting computers, they planned to encrypt data and suspend hospital activities.
The team had previously purchased remote access tools (RATs) and other malware for ransomware attacks. At the time, it also planned to launch attacks using SQL injection.
So far, the website defacement services provided by PentaGuard have mainly targeted banks or government portals in Romania and Moldova.
They recently decided to change their attack mechanism to ransomware and purchased initial samples of the Bad Rabbit and Locky ransomware strains. The team intended to use older malware.
[Image: one of the sites defaced by the PentaGuard Hackers Crew]
DIICOT claims that the PentaGuard hackers thought they were invincible and untraceable because they had stayed active for a long time. As a result, they did not bother to hide their tracks online.
However, with the help of the Romanian Secret-Service agency, the directorate captured all members before they could attack hospitals. It turns out the organization does not approve of the lockdown and believes that it is an invasion of personal freedom, which is why they planned to attack hospitals.