According to data collected by the protection company viruses ESET, Russian hackers seem to have "hit" Czech hospitals on April 21 using malware CoViper. The headmaster technologies of ESETMiroslav Dvořák said the source of the attack could not be determined. tool MBR Locker, with which it was implemented, is in Russian. Respectively, the instructions for using this tool are available in Russian hacking forum. In addition, the company has identified a digital footprint that refers to Chinese IP addresses. The Czech newspaper Lidové noviny (LN) wrote on Monday that investigators had concluded that Russian hackers were hiding behind the attacks on Czech hospitals. The LN also said the information came from a senior member of the investigation team and was confirmed by a member of the National Security Council. The Russian embassy denied the allegations, calling them "myths" and a "dirty anti-Russian attack" and an "open provocation."
MBR Locker is a tool with which intruders can easily define the required data and then create a .exe file, which acts as malware program, Dvořák said, adding that it was not complicated code. So if a user opens the infected add-on e-mail with CoViper malware, the computer is attacked, Dvořák pointed out.
Last Thursday, the National Cybersecurity and Security Service (NUKIB) warned of cyber attacks targeting Czech hospitals systems computers but also other installations and systems. The Czech health minister, Adam Vojt .ch, announced the same day that some hospitals and his ministry had been attacked, but were able to deal with them. University hospitals in Ostrava and Olomouc, in northern Moravia, as well as some hospitals in Pardubice, were targeted by cyber-attacks a few hours later, but computer system administrators managed to deal with them.