CHwapi Hospital in Belgium suffered a cyber attack on 17 January, with the hackers claiming that they encrypted 40 servers and 100 TB of data using Windows BitLocker. The attack forced the hospital to redirect patients to other hospitals and delay surgeries. While hospital services are slowly recovering and surgeries have resumed, CHwapi continues to cancel some services and redirect emergencies to other hospitals.
- The prospective parenting sessions were canceled on January 20th and 21st
- The counseling sessions continue
- The surgeries continued on January 20
- Patient data has not been compromised
- The Covid vaccine distribution circuit in MR/MRS is not interrupted
- CHwapi is currently not receiving emergencies - patients are being transferred to other hospitals
According to L'Avenir, CHwapi was attacked on January 17 at 8:46 p.m., when the attackers encrypted 80 of the 300 servers; however, the hospital received no ransom request.
The hackers, whose identities have not yet been revealed, told BleepingComputer that they used Windows BitLocker to encrypt 40 servers and 100 TB of data. After encrypting the devices, they left ransom notes named ransom.txt on the domain controllers and backup servers. In addition, the attackers told BleepingComputer the following via email: "We attacked Chwapi Hospital in Belgium two days ago and created ransom notes on the servers. However, the IT team did not provide this information to the hospital management. The management of the hospital issued a press release and said that there is no ransom note, but this is a lie. Something is happening."
Instead of using standard ransomware, this hacking team uses off-the-shelf software, such as Windows BitLocker and DiskCryptor, to encrypt files and lock access to partitions with a password. The hackers also told BleepingComputer that they do not encrypt every device on the network; they target only servers holding large amounts of data, such as file servers and backup servers.
To communicate with victims, this hacking team creates ransom notes containing a Bitmessage ID, which can be used to negotiate the ransom.
In addition, the team states that it is not part of a Ransomware-as-a-Service (RaaS) operation and does not steal or leak data. It is worth mentioning that some ransomware gangs have stated that they will avoid encrypting hospitals and will provide a decryptor free of charge if a hospital is encrypted.