The cyber attack on the Hospital Clínic de Barcelona: perpetrators, rescue and impact on its activity

March 11 (Portaltic/EP) –

He Hospital Clinic of Barcelona suffered on Sunday March 5 a ransomware-type cyberattack, for which the responsible group has already requested a reward, and which as of this Friday is still working to recover its normal activity.

The hospital notified shortly before noon on Sunday that he had been the victim of an attack that encrypted the systems. This is a type of attack known as ‘ransomware’, by which attackers are expected to ask for a sum of moneyusually in cryptocurrencies because they are more difficult to trace, in exchange for release the information and not publish the data stolen.

The first consequence of this attack was the cancellation of emergency services, laboratory and pharmacy of the center. Specifically, the hospital’s medical director, Antoni Castells, confirmed on Thursday that more than 4,000 outpatient tests, more than 300 interventions and more than 11,000 outpatient visits had stopped.

Meanwhile, the recovery work has been advancing: on Tuesday the hospital was able to “develop the planned activity normally” on Monday, with 10 percent of the Outpatient Consultations and 40 percent of the operations, in addition to recovering outpatient rehabilitation .

This FridayCastells pointed out that it had been possible recover 90 percent of complex surgical activity, 40 percent of less complex surgical activity, and 70 percent of outpatient visits.

However, it was not until precisely this Friday when its authors have claimed payment, which amounts to $4.5 million (about 4.25 million euros), as confirmed by the Secretary of Telecommunications and Digital Transformation, Sergi Marcén. From the Government they assure that they will not pay “not a cent“.

ACTORS FROM OUTSIDE SPAIN

The hospital itself confirmed on Monday that the attack came from outside Spain. In fact, it is linked to the ransom house group“a large-scale organization specialized in data exfiltration,” as Kaspersky cybersecurity analyst Marc Rivero explains in a note sent to Europa Press.

The analyst recalls that it is still unknown how the attack on the Hospital Clínic de Barcelona was carried out, but points out that “these groups are experts in attacking software versions that are out of date and in using tuned phishing attacks to be able to compromise user accounts”.

According to Marcén, cyber attackers claim to have in their hands four terabytes of information. AND publication risk is “very high“, as pointed out by the head of the General Police Station for Criminal Investigation of the Mossos d’Esquadra, Ramón Chacón, precisely because of the Government’s refusal to make the payment.

Chacón explained that the Catalan police are doing ‘cyber patrol’ on the Internet and also on the ‘deep web’ to locate the data, should the authors publish it, and to remove all information from the system “as quickly as possible”.

The Kaspersky analyst details the alleged group of attackers that “is not dedicated exclusively to ransomware attacks, but also offers a collaboration platform for other allied groups to carry out combined attacks“.

“It has a very large offensive capacity, since they are highly specialized teams in hacking techniques”, he adds, stressing that “even if institutions and companies have mature cybersecurity, they can perfectly well be the target of an attack”.

Therefore, he explains that awareness is important to protect against ransomware-type attacks; both users and employees must be aware of what is happening. Having alliances with a strategic partner in cybersecurity helps to protect the systems and having intelligence analysis allows us to see what are the risks that each organization faces and the way in which they can be remedied.