
Bitcoin extortionists target major Ukrainian pharmacy chain
Unknown attackers hacked the Ukrainian pharmacy network “Discount Pharmacy” (АНЦ) website and demanded a ransom in cryptocurrency, according to Nikolai Shcherbina, the company’s chief executive.
According to him, on Monday, October 11, a group of hackers breached the company’s information-security system, disrupted the site’s operations and cut internet access to the pharmacies’ branches.
The extortionists are demanding an undisclosed amount in Bitcoin.
“My principled position is not to negotiate with cyber-terrorists, and certainly not to pay them, as that would strengthen their ‘business’ and invite further attacks,” emphasized Shcherbina.
АНЦ has already reported the incident to the cyber police and other law enforcement authorities.
Technical specialists are working to restore the site’s infrastructure and to connect new routers to more than 1,000 pharmacy branches. The work could take several days.
“We are doing everything possible to catch the criminals and bring them to justice,” added Shcherbina, the АНЦ CEO.
As of writing, the pharmacy’s online ordering service is unavailable.
“All pharmacies are operating normally, but the hackers gained access to the routers and disconnected the pharmacies from the Internet. Because of this we cannot process online orders, and there are difficulties with payments via terminals,” said Nikolai Shcherbina in an interview with ForkLog.
He added that the АНЦ site had previously been attacked via DDoS, but a breach of this scale had not occurred before.
Nikolai Shcherbina said that their specialists had managed to restore Internet access in more than 200 branches of the network:
“We plan to be fully restored tomorrow or the day after. But we do not rule out that there may be new surprises from the extortionists.”
HackControl CEO Nikita Knysh, in a ForkLog interview, suggested that the hackers most likely used publicly available ransomware builders.
“Regarding why everything collapsed, I think they connected all computers to one VPN and hit them all at once. Usually, in such cases the ransom ranges from $1,500-$2,000 up to tens of thousands of dollars,” he noted.
Knysh added that recovering the data independently would be impossible due to asymmetric encryption. Finding the attackers would also be difficult because the ransom was demanded in cryptocurrency.
“The only clue is the extortionists’ contact email, but it is usually registered through Tor and the trail goes cold,” the expert noted.
The main causes of ransomware infections are typically phishing campaigns or unpatched software.
“I don’t think the pharmacy was the target. More likely mass distribution or a network-wide breach through admin-credential guessing or exploiting vulnerabilities in unpatched software,” clarified Nikita Knysh.
ForkLog sought comment from Ukraine’s cyber police but did not receive an immediate response.
Earlier in October, Ukraine’s cyber police identified those behind the distribution of an unnamed ransomware. As part of the operation, crypto wallets worth $1.3 million were blocked.
A number of cybersecurity specialists suggested the hackers were linked to the REvil group.