
Feds warn healthcare providers in the United States about ‘obscure’ ransomware gang targeting the sector

The Health Sector Cybersecurity Coordination Center (HC3), an entity established by the Department of Health and Human Services in the United States, has recently issued a warning to healthcare providers about a relatively unknown ransomware gang known as TimisoaraHackerTeam (THT). This group has been targeting organizations within the healthcare sector, employing tactics that make them difficult to detect.

According to the HC3 alert, THT, which was discovered in July 2018, has managed to remain relatively incognito since its emergence. The group’s origin appears to be Romania, as it is named after a Romanian town, and its source code suggests that it was developed by Romanian speakers.

Unlike many other ransomware groups that create their own tools for encrypting victims’ data, THT takes a different approach. The gang leverages legitimate software tools such as Microsoft’s BitLocker and Jetico’s BestCrypt to deliver its malware. This tactic is also employed by other ransomware groups like DeepBlueMagic and certain Chinese hacking groups like APT41.

HC3’s alert suggests that there may be a connection between THT and these other groups. The group’s primary method of unleashing its malware is through spam emails and email attachments. Once an organization falls victim to a THT attack, it will find its files encrypted by ransomware and receive a ransom note containing payment instructions for data recovery.

In a recent incident, a U.S. cancer center was targeted by a THT ransomware attack, resulting in a significant impact on patient treatment capability, the temporary shutdown of digital services, and the potential exposure of patients’ health and personal data.

The HC3 alert highlights that THT disregards the code of conduct followed by many hackers, which typically avoids targeting hospitals and healthcare providers with ransomware attacks. Another cyberattack on a French hospital in April 2021, attributed loosely to THT due to the use of legitimate software tools for deploying malware, further reinforces this concern.

The alert from HC3 emphasizes the need for healthcare providers to remain vigilant against potential THT attacks. It also underscores the vulnerability of the healthcare sector due to the high likelihood of ransom payment, the value of patient records, and often inadequate security measures.

As the healthcare industry continues to grapple with cybersecurity challenges, organizations must prioritize robust security measures and remain informed about evolving threats to safeguard patient data and critical healthcare services.
