Read in Catalan

Catalonia's Mossos d'Esquadra police have struck a blow against the cyberattackers who stole 4 terabytes of personal medical information after accessing the computer system of a major Barcelona public health centre, the Hospital Clínic. The digital-era criminals, who call themselves Ransom House, began to leak the data, thus revealing critical and confidential data belonging to people linked to the leading Catalan hospital. The Hospital Clínic and the Catalan government have avoided any kind of negotiation with the authors of the ransomware attack and have publicly explained that they will not offer any kind of financial deal to the extortionists.

To deal with the latest move, the Catalan police have carried out a counterattack on the deep web, the platform used by the hackers to spread their information and, at the same time, attempt to blackmail the Catalan government into paying a ransom for the data in order to prevent further leaks. The counterattack by the Mossos police had the objective of blocking the system from which the data leaked by the cybercriminals could be accessed.

Between 3 and 4 gigabytes of data had been uploaded to the site, a step taken by the criminals to demonstrate their strength and their ability to access the data they had illegally stolen from the Hospital Clínic. At the Mossos d'Esquadra and also at the Cybersecurity Agency of Catalonia, they are convinced that the thieves will continue to leak information if they do not receive a response to their ransom request for 4.5 million dollars. The malicious intentions of the Ransom House hackers have now grown in scale after the attack led by the Mossos d'Esquadra and which allowed users of the dark internet to access the data.

The details are secret

The Mossos did not want to give details of how this blockage was implemented and how the website from which the leaked data was distributed was attacked. What has been able to learn, however, is that the blockade affects the external part of the Ransom House platform and that the critical part of the cybercriminals' servers has not been affected.

Moreover, although it was possible to block the access, the Catalan police investigators themselves are aware that the hackers have the ability to counterattack themselves by duplicating the code of the platform they had mounted and reactivating the distribution of the data on another server, or overcoming the police blockade. What everyone recognizes is that the war against these internet criminals is asymmetrical and no quarter is being given.

Less vulnerable

Beyond the success of the Mossos operation to block access to the data leaked by Ransom House, the Catalan police, despite being cautious, say that the strike against the cybercriminals is important to show that the Catalan government structure can counterattack, which could serve as a deterrent. Hackers will tend to choose to attack other places where they have to assume less risk for themselves after seeing how the police operation has been able to access a location on the dark web, which until now seemed reserved for digital terrorists and where police could not access.

Beyond this counterattack by the Mossos against the thieves at the Hospital Clínic, the investigation continues, more technical than police-based, in order to restore 100% of the service. The Cybersecurity Agency of Catalonia, the Mossos and those responsible for the hospital itself are convinced that the thieves will continue to leak data and will attempt, as they have already done, other attacks against hospitals and critical bodies. In addition, now, after the Mossos attack, it remains to be seen whether the police will also become the target of these digital criminals.

The attack against Barcelona's Clínic follows the same modus operandi as other attacks by the same group of hackers. They carry out the attack via ransomware - obtaining entry into the operating system with infectious software, frequently achieved via e-mail and the carelessness of some employee - they then claim responsibility for the attack, attempt to extort those responsible and, if they do not receive the money they ask for, they leak information. The platform from which the data had been leaked, which could be accessed from Telegram channels that they also control, announced the leak of data from the Hospital Clínic de Barcelona but has been put out of action at present. It remains to be seen how long the Mossos and digital experts can keep it blockaded.