Backmydata

Malware updated 5 days ago (2024-11-29T14:26:27.365Z)
Backmydata is a variant of the Phobos ransomware family that has been used in sophisticated cyber attacks on healthcare systems. The landscape of these attacks is evolving rapidly, with groups like RansomHouse, Rhysida, and Backmydata employing increasingly advanced tactics.

In one notable incident, an unidentified threat actor infected systems at approximately 100 hospitals in Romania by first targeting a central health information system to which they were connected. The attack was carried out with the Backmydata ransomware and came with a ransom demand of 3.5 BTC, or 157,000 euro. The method of breach was highly sophisticated, with the suspected entry point being the RSC infrastructure's website. As of now, no specific group has claimed responsibility for encrypting the servers of the Hippocrates Information System, but it is confirmed that the Backmydata ransomware was used in the attack.

In response to the growing threat, US CISA, the FBI, and MS-ISAC issued a joint cybersecurity advisory (CSA) in March 2024 to warn of attacks involving Phobos ransomware variants such as Backmydata. They urged all health entities to scan their IT&C infrastructure using the Indicators of Compromise (IOCs), regardless of whether they had been affected by the Backmydata ransomware attack. This highlights the critical importance of proactive measures in preventing such cyber attacks.
Description last updated: 2024-11-21T10:25:14.398Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias description: Phobos is a possible alias for Backmydata. Phobos is a form of malware, specifically ransomware, that has been active since May 2019. The operation utilizes a ransomware-as-a-service (RaaS) model and is responsible for numerous cyber attacks worldwide. Threat actors behind Phobos gained initial access to vulnerable networks through phishing
Votes: 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the Backmydata Malware was read from the documents corpus below. This display is limited to 20 results.