PentaGuard Hackers Crew was operating from Romania.
The latest press release from Romania’s Directorate for Investigating Organized Crime and Terrorism (DIICOT) has revealed startling details about a hacker group’s plan to attack Romanian health care facilities and hospitals with ransomware.
The DIICOT announced that all four members of the group, which was operating under the name PentaGuard Hackers Crew since 2000, have been arrested. Three individuals were arrested from Romania while the fourth was captured from the Republic of Moldova.
Reportedly, the directorate acquired home search warrants of all four threat actors and identified several computers storing a variety of hacking tools. It was revealed that the group was preparing to infect the digital infrastructure of healthcare organizations and hospitals with ransomware via sending malicious emails impersonating to be from government institutions.
The emails were to include a file that although promised exclusive information on the COVID-19 pandemic but would plant ransomware. After infecting the computers they planned to encrypt data and bring the hospitals’ activities to a halt. The group had already bought remote access tools (RATs) and other malware to be used in ransomware attacks while also planned to use the SQL Injection method to launch attacks.
PentaGuard had so far been offering website defacement services mainly targeting banking or government portals located in Romania and Moldova. Recently they decided to shift their attack mechanism to ransomware attacks and bought the initial samples of Bad Rabbit and Locky ransomware strains. The group intended to use older strains of malware.
The DIICOT claims that PentaGuard hackers thought themselves to be invincible and untraceable as they have managed to stay active for so long. That’s why they didn’t care about hiding their online footprints.
However, with help from Romania’s Secret Service Agency, the directorate was able to catch all the members before they could launch attacks on hospitals. It turned out that the group wasn’t in favor of lockdown and believed that it was an attack on personal freedom, which is why it was planning to attack hospitals.
The names of the group members are still not disclosed by authorities and all arrested individuals are currently in detention.
This, however, is the second time in two months in Europe that authorities have dismantled a hacker group amid Coronavirus pandemic. A couple of weeks ago, Europol and Polish Police not only dismantled the InfinityBlack hacker group but also arrested 5 of its members known for scamming unsuspected users in Poland and Switzerland.
Last month, Europol, NCA, and Interpol busted a group running a multi-million online Coronavirus face mask scam leading authorities to foil Coronavirus face mask scam that cheated German health authorities.