Backmydata

Malware updated 4 months ago (2024-05-04T19:23:18.005Z)
Backmydata is a variant of the Phobos ransomware family. Like the other Phobos variants (Devos, Eight, Elking, Faust and others), it encrypts files on compromised systems and demands payment for the decryption key. It has been used against healthcare entities, notably hospitals, in a threat landscape where groups such as RansomHouse and Rhysida are also targeting the sector with increasingly capable tooling.

In the most significant reported incident, a threat actor affiliated with Phobos infected systems at approximately 100 hospitals in Romania. The attacker first compromised a central health information system used by these hospitals and then spread Backmydata across the connected network; the initial intrusion is suspected to have originated from a compromised website in RSC's infrastructure. The servers of the Hippocrates Information System were encrypted, and the unidentified attackers demanded a ransom of 3.5 BTC (roughly 157,000 euros). No group claimed responsibility for the attack.

In response to these attacks, US CISA, the FBI and MS-ISAC issued a joint cybersecurity advisory (CSA) on Phobos ransomware and its variants, including Backmydata, with indicators of compromise (IOCs). Responders urged all health entities to scan their IT&C infrastructure against the published IOCs whether or not they had been affected, because the initial access ran through a system shared by many hospitals and exposure was therefore not limited to the ones already encrypted. Proactive scanning and hardening, rather than waiting for a ransom note, remain the practical defence for healthcare systems against this family.
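What such an IOC sweep looks like in practice, as an added example that is not part of this profile, of the advisory, or of any vendor tooling: a Python script that walks a directory tree, hashes every file against a hash list, and also flags two host-level signs of the Phobos family, the victim-file rename pattern `<name>.id[<8 hex>-<4 hex>].[<contact>].<variant extension>` and the dropped ransom-note names `info.hta` / `info.txt`. The hash list, directory layout, file names and the contact address are constructed for the demo (a real sweep loads the hashes from the advisory); the rename pattern, the `backmydata` extension and the note names are the family's documented behaviour.

```python
"""Added example: offline IOC sweep for Phobos-family (e.g. Backmydata) artefacts.
Not the page's or any vendor's code. The hash list and demo tree are constructed."""
import hashlib
import os
import re
import tempfile

# Constructed stand-in for a published hash list: the hash of sample bytes,
# so the demo can produce a hit without shipping real malware.
SAMPLE_PAYLOAD = b"constructed stand-in for a Phobos dropper, not real malware\n"
SAMPLE_IOC_SHA256 = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()}

# Phobos-family rename pattern appended to every encrypted file:
#   <original>.id[<8 hex victim id>-<4 hex>].[<attacker contact>].<variant ext>
# Backmydata uses the extension "backmydata"; Faust, Eight etc. use their own.
PHOBOS_RENAME = re.compile(
    r"\.id\[[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}\]\.\[[^\]]+\]\.([A-Za-z0-9]+)$"
)

# Ransom-note file names the Phobos family drops into encrypted directories.
RANSOM_NOTES = {"info.hta", "info.txt"}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large volumes never sit in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def phobos_extension(name):
    """Return the variant extension if the name matches the rename pattern, else None."""
    m = PHOBOS_RENAME.search(name)
    return m.group(1).lower() if m else None


def scan_tree(root, ioc_hashes):
    """Walk root and return root-relative paths grouped by finding type (sorted)."""
    hits = {"hash_hits": [], "renamed_files": [], "ransom_notes": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if phobos_extension(name):
                hits["renamed_files"].append(rel)
            if name.lower() in RANSOM_NOTES:
                hits["ransom_notes"].append(rel)
            try:
                if sha256_file(full) in ioc_hashes:
                    hits["hash_hits"].append(rel)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
    for kind in hits:
        hits[kind].sort()
    return hits


def build_demo_tree():
    """Create a constructed directory tree: one finding of each kind plus a benign file."""
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "share"))
    with open(os.path.join(root, "bin", "svchost_update.exe"), "wb") as f:
        f.write(SAMPLE_PAYLOAD)  # hash matches the constructed IOC list
    renamed = "patients.xlsx.id[A1B2C3D4-3169].[contact@example.invalid].backmydata"
    with open(os.path.join(root, "share", renamed), "wb") as f:
        f.write(b"\x00" * 16)  # placeholder ciphertext
    with open(os.path.join(root, "share", "info.hta"), "w") as f:
        f.write("<html>constructed ransom note placeholder</html>")
    with open(os.path.join(root, "share", "readme.txt"), "w") as f:
        f.write("benign file\n")
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for kind, paths in scan_tree(demo, SAMPLE_IOC_SHA256).items():
        print(f"{kind}: {paths}")
```

Run it against a real share by calling `scan_tree("/mnt/share", hashes)` with the advisory's hash set; the rename and ransom-note checks are useful even when the binary itself was deleted after encryption, which is why the sweep does not rely on hashes alone.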
Description last updated: 2024-03-19T03:27:01.111Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Phobos (5 votes)
Profile description: Phobos is a type of malware, specifically ransomware, that infiltrates computer systems with the intent to disrupt operations, steal personal information, or hold data hostage for ransom. The malicious software can infect devices through suspicious downloads, emails, or websites, often without the u
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the Backmydata malware was read from the documents listed below (display limited to 20 results).
Source (created): Title
CERT-EU (6 months ago): Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack
Checkpoint (7 months ago): 19th February – Threat Intelligence Report - Check Point Research
BankInfoSecurity (7 months ago): Breach Roundup: Zeus Banking Trojan Leader Pleads Guilty
DARKReading (7 months ago): Ransomware Wave at Romanian Hospitals Tied to Healthcare App
CERT-EU (6 months ago): Investigating the Shadows: Is Russia-Linked Phobos Ransomware Group Responsible for Romanian Healthcare Disruption?
Securityaffairs (6 months ago): US cyber and law enforcement agencies warn of Phobos ransomware attacks
DARKReading (6 months ago): FBI, CISA Release IoCs for Phobos Ransomware
CERT-EU (6 months ago): FBI, CISA Release IoCs for Phobos Ransomware | #ransomware | #cybercrime | National Cyber Security Consulting