Romanian law enforcement has announced the arrest of a group of individuals that were intending to conduct ransomware attacks against healthcare institutions in the country.
According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), the group that was operating under the name PentaGuard, was formed at the beginning of 2020 and consisted of four people.
The authorities said three members of the PentaGuard crew were arrested in Romania and a fourth in the Republic of Moldova after executing home search warrants. The group's members owned malware such as remote access trojans and ransomware, tools to perform website defacements, and tools to exploit SQL injection vulnerabilities to compromise web servers and steal data.
DIICOT said it obtained information the group was preparing to launch ransomware attacks against public health institutions in Romania, where they intended to use “Locky” or “BadRabbit” ransomware strains first reported in 2016 and 2017.
“With this technique, the perpetrator of the attack can easily determine the target to open the mail, the malicious application will be automatically downloaded to the computer system, producing data encryption and thus disabling the computer platform,” the agency said.
Although DIICOT said the PentaGuard group was formed this year, according to threat intelligence provided by cyber-security firm KELA, some members of the group were active since 2000, when they were involved in mass defacements of a number of government and military websites.