A leading hospital in Barcelona has been shut down due to an ongoing cyberattack by a criminal gang called RansomHouse. Staff at the facility’s laboratories, pharmacies and emergency services have been reduced to using pen and paper. There are no indications of when the services will be back in operation.
Interpol and Europol are currently investigating the attack on the Hospital Clinic de Barcelona, in cooperation with the Catalan police.
Hospital in Barcelona hit with cyberattack
The attack took place on Sunday, with staff at the hospital locked out of systems. Other clinics across Spain were also impacted.
As of today, 150 surgeries have reportedly been cancelled, along with up to 3,000 appointments and 400 pieces of analysis. Staff are trying to process patients using pen and paper, with some being diverted to other hospitals in Barcelona.
Online systems at the Casanova, Borrell and Les Corts primary care centres have been affected, as well as the IDIBAPS Research Institute and the Villarroel, Plató, and Maternitat outpatient sites. All of these systems were apparently running off the hospital’s virtual server system.
The perpetrator of the attack is apparently data extortion gang RansomHouse. Head of the Catalan Agency of Cybersecurity, Tomas Roy, explained today that the gang has used “new attack techniques,” stating that it is “sophisticated” in its approach.
“We have evidence that there was a data leak and we are analysing it right now,” said Sergei Marcen, the Catalan telecommunications director. “We won’t pay them a cent.” The attackers have not yet demanded a ransom.
Hospital director Antoni Castells said today that his team “can’t make any predictions as to when the system will be back up to normal,” explaining that the hospital’s current plan will allow them to operate for the next few days, and that he is hopeful operations will be back up and running before then.
RansomHouse gang – ‘disenchanted white hat hackers’ strike again?
RansomHouse last hit the headlines when it claimed that companies do not pay enough for their cybersecurity. “Many businesses and companies are not willing to invest as much money as required to fortify their infrastructures, while they ignore or do not institute enough bug bounty plans,” the hackers wrote on their dark web blog.
The reference to bug bounty programmes led researchers at security company CyberInt to conclude that the gang may be a group of disenchanted ‘white hat hackers’ who carry out penetration testing for companies to inspect their networks, seeking pay-outs in the form of bounties if they find vulnerabilities in a system.
“Many of the bug bounty hunter community members have been complaining for some time now about companies that do not want to pay the bounty for their hard labour while still enjoying its fruits,” the report notes. “Bug bounty programs also increase their commissions making the bug bounty hunter a very frustrating profession.”
If this is still the case, the gang has taken a ruthless turn in attacking such a large healthcare facility.
Despite cultivating this different reputation, the gang has reportedly had links to other cybercriminal groups. Its name has cropped up in the notes of blogs of both the White Rabbit ransomware gang and the Lapsus$ Telegram channel.
Nicole Hoffman, senior cyber threat intelligence officer at security company Digital Shadows, told Tech Monitor last year: “It is likely that RansomHouse operates as the ‘leak site’ of White Rabbit ransomware group.
“White Rabbit has in turn been attributed to ‘Fin8’, a financially motivated threat group known for targeting banks.”