Backmydata

Malware Profile Updated 24 days ago
Backmydata is a variant of the Phobos ransomware family, malicious software (malware) designed to exploit and damage computer systems. It has been used in sophisticated cyber-attacks on healthcare entities, notably hospitals. The landscape of such attacks is evolving, with groups like RansomHouse, Rhysida, and others employing more advanced tactics. The breach method involving Backmydata was intricate and is suspected to have originated from the compromised website of the RSC infrastructure. This malware is part of an expanding list of Phobos variants including Devos, Eight, Elking, and Faust.

In one significant incident, a threat actor affiliated with Phobos infected systems at approximately 100 hospitals in Romania. The attacker initially targeted a central health information system connected to these hospitals, then spread the Backmydata ransomware across the network. No specific group claimed responsibility for this attack. The servers of the Hippocrates Information System were encrypted using Backmydata, and the unidentified attackers demanded a ransom of 3.5 BTC or 157,000 euros.

In response to these escalating threats, US CISA, the FBI, and MS-ISAC issued a joint cybersecurity advisory (CSA) warning of attacks involving Phobos ransomware variants such as Backmydata. They underscored the importance of using Indicators of Compromise (IOCs) to scan IT&C infrastructure across all health entities, irrespective of whether they had been affected by the Backmydata ransomware attack. As the sophistication of these attacks increases, vigilance and proactive measures are critical to maintaining the integrity and security of healthcare systems.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Phobos | 5 | Phobos is a type of malware, specifically a ransomware that has been causing significant disruptions in the cyber world. The malicious software operates by infiltrating systems through suspicious downloads, emails, or websites without user awareness. Once inside, it can steal personal information, d |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Backmydata Malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | 3 months ago | Investigating the Shadows: Is Russia-Linked Phobos Ransomware Group Responsible for Romanian Healthcare Disruption? |
| Checkpoint | 3 months ago | 19th February – Threat Intelligence Report - Check Point Research |
| CERT-EU | 3 months ago | FBI, CISA Release IoCs for Phobos Ransomware \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 3 months ago | Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack |
| DARKReading | 3 months ago | Ransomware Wave at Romanian Hospitals Tied to Healthcare App |
| BankInfoSecurity | 3 months ago | Breach Roundup: Zeus Banking Trojan Leader Pleads Guilty |
| DARKReading | 3 months ago | FBI, CISA Release IoCs for Phobos Ransomware |
| Securityaffairs | 3 months ago | US cyber and law enforcement agencies warn of Phobos ransomware attacks |