Friday, February 26, 00:49

CHwapi: Windows BitLocker "hit" the Belgian hospital!

CHwapi Hospital in Belgium suffered a cyber attack on 17 January, with the hackers claiming that they encrypted 40 servers and 100 TB of data using Windows BitLocker. The attack forced the hospital to redirect patients to other hospitals and delay surgeries. While hospital services are slowly recovering and surgeries have resumed, CHwapi continues to cancel some services and redirect emergencies to other hospitals.

  • The prospective parenting sessions were canceled on January 20th and 21st
  • The counseling sessions continue
  • The surgeries continued on January 20
  • Patient data has not been compromised
  • The Covid vaccine distribution circuit in MR / MRS is not interrupted
  • CHwapi is currently not receiving emergencies; patients are being transferred to other hospitals

According to L'Avenir, CHwapi was attacked on January 17 at 8:46 p.m., when the attackers encrypted 80 of the 300 servers. However, the hospital received no ransom request.


The hackers, whose identities have not yet been revealed, told BleepingComputer that they used Windows BitLocker to encrypt 40 servers and 100 TB of data. After encrypting the devices, they left ransom notes named ransom.txt on the domain controllers and backup servers. In addition, the attackers reported the following via email to BleepingComputer: "We attacked Chwapi Hospital in Belgium two days ago and created ransom notes on the servers. However, the IT team did not provide this information to the hospital management. The management of the hospital issued a press release and said that there is no ransom note, but this is a lie. Something is happening."

Instead of using standard ransomware, this hacking team uses off-the-shelf software, such as Windows BitLocker and DiskCryptor, to encrypt files and lock access to partitions with a password. The hackers also pointed out to BleepingComputer that they do not encrypt every device on the network, but only target servers with large file sizes, such as file servers and backup servers.

To communicate with victims, this hacking team creates ransom notes containing a Bitmessage ID, which can be used to negotiate the ransom.


In addition, the team states that it is not part of a Ransomware-as-a-Service (RaaS) operation and does not steal or leak data. It is worth mentioning that some ransomware gangs have stated that they will avoid encrypting hospitals and will provide a decryptor free of charge if a hospital is encrypted.

