Cyber Attackers Strike Fear Into Romanian Hospitals

Romanian hospitals are on heightened alert since late last week, when the authorities told doctors and hospital administrators to be vigilant after a wave of cyber attacks against several medical centres.

Romania’s Ministry of Health says hackers targeted nine hospitals in Bucharest and other towns in recent weeks. “Some hospitals have had problems with admissions and with access to their databases,” the ministry’s spokesperson, Oana Grigore said.

“They are criminal attacks,” Ovidiu Marincea, from the Romanian Intelligence Service, SRI, told BIRN. “They were conducted by hackers to gain money.”

“After encrypting the institutions’ data, they demand a ransom, which can be paid in money into an account or in cryptocurrency or any other way,” Marincea explained. “If those who are targeted pay up, the hackers tell them their data will be decrypted.”

The SRI, whose investigation into the attacks is still underway, believes the criminals behind the attacks are from China. Marincea previously told local media that “the times in which the hackers were active” and the traces they left in their messages to their victims pointed to that scenario.

One of the targeted hospitals is the Dimitrie Castroian Municipal Hospital of Husi, in northeastern Romania. Its manager, Lucia Rotaru, told the media last week that the centre had lost part of its data.

“On April 21, the server was attacked and encrypted. The data was lost. We haven’t fully solved [the problem] yet,” he said. The attack took the hospital by surprise, Rotaru added, saying the hospital could not repel it despite having “a security system in place”.

The Romanian National Computer Security Incident Response Team, CERT-RO, the SRI and a private cybersecurity company, Bitdefender, have issued advice to hospitals to help them deal with further attacks.

“Don’t open files received via email unless you know the sender,” the advice reads. It warns against “irresistible promotions” in emails and recommends having all files backed up offline and an antivirus program installed. The Ministry of Health has sent the advice to all medical units in the country.

With more than 500 million users worldwide, Romanian anti-virus developer Bitdefender is one of the sector’s leaders. It collaborates with the Romanian authorities and with Interpol in preventing and investigating malware attacks.

Security agencies and private cyber companies warned earlier of the country’s vulnerability on the internet. In April, the National Cyberint Center, which is part of the SRI, warned of possible cyberattacks on the IT systems of public institutions during the EU and presidential elections this year.

Bitdefender said that Romania could be the most vulnerable country in the world to a new type of cyber attack, called Scranos, which steals all of the victims’ passwords and banking info and compromises their activity on social media.

The international cybersecurity company Kaspersky said the attacks on hospitals in Romania form part of an alarming global trend. There have been similar cases in the US and Germany.

“In many cases of ransomware, their success is based on four main types of problems: not all systems in the network have an antivirus; operation systems are old and not upgraded; passwords used by administrators and users are weak; users open email attachments without checking their source,” Kaspersky representatives said on June 21.

Faustino Blancos, Secretary General for Health and Consumer Affairs of Spain, is welcomed by Romanian Health Minister Sorina Pintea in Bucharest, Romania, 2019. Photo: EPA-EFE/ROBERT GHEMENT

Attacks on medical institutions and other institutions are often launched through “phishing” messages or messages containing infected attachments.

“They pretend to come from a legitimate source and encourage the victim to open a link or attachment,” Bitdefender’s senior e-threat analyst, Liviu Arsene, told BIRN.

The content of the messages are tailored specifically to entice the victim, he explained, and take into consideration the industry the person is working and even their department within the institution.

If sent to a human resources worker, for example, the email might come as a job application, and the ransomware be disguised as the candidate’s CV, Arsene noted.

The virus can also be installed on the computer after the hackers take control of it remotely. In both cases, the procedure is the same. “The victim sees a message on the screen with all the instructions he needs: how much the ransom is and how much it will grow by if he doesn’t pay within 24 or 72 hours, where he should buy the cryptocurrency from…” the same expert said.

Sometimes, he continued, those affected are instructed to start negotiations with the hacker at an email address. “The data doesn’t leave the computer. It remains on it, only you can’t access it,” Arsene said, explaining how ransomware works.

When the ransomware used has a vermin-type of behaviour, the malicious virus doesn’t only infect one computer but the whole system. “It can paralyze an entire hospital,” warns Arsene, who names patient data and the information needed to keep medical equipment working as some of the material that is vulnerable.

“The hacker’s goal is to create panic so they can convince the victim to pay,” the Bitdefender analyst said.

In line with the Romanian authorities, Bitdefender discourages targeted victims from paying ransoms to hackers. But the institutions targeted do not always listen to them. Desperate to have their systems back on track fast, some decide to pay up, as one Bucharest hospital did two years ago. “They paid the equivalent of 10,000 euros in Bitcoin,” Arsene recalled.

“If they pay a ransom, the victims have no guarantee that the perpetrators will honour their promise and give them back access to their data,” a CERT-RO statement on the latest wave of attacks read.

“They could be targeted again by the same group, as they already have a history of being a good payer,” the same text warned. Ransom payers thereby risk funding “the development of increasingly sophisticated cybernetic threats”, it concluded.

Bitdefender experts and Romanian authorities have revealed ransomware Maoloa has been used in some of the attacks against hospitals.

“Maoloa is a malware family relatively new,” a CERT-RO statement reads. This kind of ransomware appeared in February this year and has many common traits with Globelmposter type of ransomware, the official communications goes on. It is installed in computers through malicious attachments sent via email or by hackers who gain access to unprotected systems.

The other ransomware used to encrypt data from Romanian medical centres’ computers is Phobos, “one of the many varieties of prolific [ransomware] family Crysys.” Phobos gets makes it into the targeted computers after cyber criminals have breached in with Remote Desktop Protocol.

Online Abuse Now Commonplace for Balkan Women Reporters

As a female journalist in Serbia, Tatjana Vojtehovski had faced online intimidation before.

But the attacks grew worse in 2015 after she hosted a talk show on Serbian television on paedophilia in the Serbian Orthodox Church, a taboo subject for many socially conservative Serbs.

“I admire people who claim they’re not afraid. I am afraid,” said 49-year-old Vojtehovski. “People say, ‘it’s only online, it’s the virtual world’. I say that’s not true because those people exist. They exist and they are on the streets.”

Last month, the appeals court in the Serbian capital, Belgrade, sentenced a Serbian man named Branko Tomic to eight months of home confinement after he pleaded guilty to making death threats against Vojtehovski and her 28-year-old daughter via Twitter.

Tomic’s crime was just one in a growing global epidemic of online attacks against women journalists.

The Balkan region is no exception, and while Vojtehovski received a measure of justice, others say they see little point in complaining to employers or the police given what critics say is a systematic failure to punish the perpetrators, according to the findings of a BIRN analysis.

“What struck me the most was how people looked away, letting it happen,” said Milena Perovic Korac, a journalist at the Montenegrin weekly magazine Monitor, who has been the target of such abuse since 2011. “There was no reaction, and right then that was the most terrifying thing.”

Global trend

In a 2018 survey by the Washington-based International Women’s Media Foundation, IWMF, nearly two thirds of women journalists who responded said they had been threatened or harassed online at least once.

Also in 2018, the International Federation of Journalists, IFJ, reported that 66 per cent of women journalists who were victims of online harassment had been attacked based on their gender.

And for the assailants, access has never been easier.

Social media has become an indispensible tool for journalists, but simultaneously exposes them to instant praise and persecution, 24 hours a day.


According to the IWMF survey, 90 per cent of respondents reported a rise in online threats over the past five years and 82 per cent said digital attacks had increased too, “including such activities as having social accounts hacked or data stolen or compromised.”

Online abuse of women journalists target not only their work but their gender, frequently referencing their appearance, family life and personal relationships.

‘Whore’, ‘slut’ and ‘prostitute’ are just some of the insults women journalists report receiving online every day.

Experts say such attacks are sexist in nature and used to intimidate, discredit and frighten, often affecting how the journalist does her work and how she behaves in her private life.

Tracking such threats in the Balkans is not easy. Authorities and journalist associations rarely differentiate online threats from other forms of intimidation, such as verbal or physical abuse.

Serbia’s climate of intimidation

In its latest report, U.S.-based democracy watchdog Freedom House characterised Serbia as ‘partially free’, and cited an “environment of intimidation and harassment that inhibits journalists’ day-to-day work”.

“Smears and verbal harassment from politicians and online accounts are omnipresent, and attacks by government-friendly tabloids are a regular occurrence. Media workers are frequently called “traitors” and “foreign mercenaries,” it wrote.

Statistics gathered by the SHARE Foundation, a Serbian-based non-governmental organisation dealing with digital rights, support the report’s findings.

In 2018, SHARE registered four cases of online threats against female journalists. One person was arrested in May of that year.

SHARE registered another four just in the first five months of this year, including two against the prominent female investigative journalist Brankica Stankovic, who received police protection in 2009 due to death threats made against her.

SHARE said the deputy mayor of the southern Serbian city of Nis had also insulted female journalist Sena Todorovic via Twitter and the editor of the website Kolubarske, Darija Rankovic, had also been subjected to pressure.

In 2017, SHARE registered two such cases, six in 2016 and seven in 2015.

In Bosnia, for example, the local association of journalists said it had registered 52 attacks against female journalists, online and otherwise, between 2016 and April 2019.

While a number of cases resulted in convictions, “a significant number of cases have been closed due to the non-existence of grounded suspicion that they represented criminal acts,” said Una Telegrafcic, a lawyer at the Free Media Helpline of the Association of BH Journalists.

Safejournalist.net, a regional platform partly funded by the European Union and which advocates for media freedom and the safety of journalists, has documented 34 attacks in general against women journalists in Bosnia since 2015, 32 in Serbia, 13 in Kosovo, 10 in North Macedonia and eight in Montenegro.

Each country was once part of the socialist Yugoslav federation, which unraveled in the war in the 1990s.

Over the same period, the Council of Europe, Europe’s chief rights body, has received reports of seven such cases in Serbia, six in North Macedonia, six in Bosnia and four in Montenegro.

In Montenegro, Perovic Korac and others at the weekly Monitor were the target of an orchestrated campaign by Montenegrin media supportive of the ruling Democratic Party of Socialists, DPS.

Neither the government nor the prosecutor’s office responded to her complaints about a litany of online threats, so Perovic Korac and another journalist launched a private lawsuit in 2011.

A verdict was issued in the first instance in June last year, ordering Montenegrin government spokesman Srdjan Kusovac and the state to pay them 2,000 euros for insults and hate speech published in the state daily Pobjeda, where Kusovac was formerly editor-in-chief.

“In that first moment, you are on your own,” Perovic Korac told BIRN.

Psychological impact

The IWMF, in its 2018 survey, reported that a majority of abused women, 63 per cent, said the attacks against them had left psychological scars in terms of anxiety, fear or stress.

Another “alarming conclusion” of the IFJ report was that a huge majority of the cases go unpunished, with only 53 per cent of victims of online abuse reporting the attacks to their media management, union or police. In two thirds of those cases, nothing happened, it said.

Of those who chose not to report the abuse, 75 per cent said they did not believe doing so would make any difference, while 23 per cent were concerned about the effect on their work.

“It is worrying that women journalists are getting used to dealing with online harassment by themselves and assuming these situations as “common”,” the IFJ said.

Ivana Stoimenovska, a psychologist in Skopje, capital of North Macedonia, said trauma experienced by women who are the targets of sexual harassment often goes unnoticed by society, “because of the culture of concealment and silence that does not provide women with a proper venue to share their experiences and overcome fears.”

Meri Jordanovska, a Macedonian journalist at the Makfax news agency who has herself been targeted by such abuse, said that speaking out was vital for emotional healing and preventing more such attacks.


“By sharing, by opening up, you realise that you are not alone with this problem and that many other women journalists are facing the same forms of harassment, be it online or offline”, Jordanovska told BIRN.

For Jovana Gligorijevic, a journalist at the liberal Serbian weekly Vreme, such abuse has become a part of everyday life.

“Someone calling himself Damian Ky messaged me just to tell me I’m an Albanian whore, that he wants to bash my head in and that journalists are the worst kind of people who constantly disparage Serbia,” Gligorijevic told BIRN.

In his next message, ‘Ky’ asked why Gligorijevic did not kill herself.

For this story, Gligorijevic recorded all the online threats she received over a period of one week.

They ranged from calls on her to take her own life to messages describing her as “a sack of crap that lives in a shop window in the Red Light district,”  a “vaginal entrepreneur”, a “frustrated childless whore” and a “low-paid journalist who occasionally goes to Amsterdam to work as a prostitute to make ends meet”.

Perfect storm

Telegrafcic, the lawyer at the Free Media Helpline in Bosnia, said those who abused female journalists often assumed they would not resist or report the attacks and that comments regarding a journalist’s physical appearance or marital status reflected entrenched chauvinistic attitudes in the Balkans.

Female journalists are also the victims of chauvinistic comments by politicians, interviewees and their own editors or directors, Telegrafcic said.

Media expert Mehmed Halilovic said female journalists in the Balkans faced a perfect storm of widespread misogyny and disdain for journalists in general.

“There is an assumption when it comes to these macho men – they think it is easier to deal with female journalists, be it through direct threats or disparagement,” Halilovic told BIRN.

“Violence is the basic tool used by the public, which has a negative attitude towards male and female journalists, but unfortunately the authorities are also using it.”

In Kosovo, the head of the Kosovo Association of Journalists, Gentiana Begolli, said management and editorial positions in media outlets were dominated by men.

“Women journalists themselves hesitate to report the threats against them, taking into consideration thegeneral approach towards women in our society,Begolli told BIRN.

In North Macedonia, Kristina Ozimec, chief editor of the Platform for Investigative Journalism and Analysis, said threats and harassment directed against female journalists “have been left largely unaddressed for so long that they have unfortunately become commonplace, sort of an accepted form of professional risk for women engaged in this profession.”

“The harassment, often on a sexual basis, does not only come from individuals outside the workplace but also often in various forms from male colleagues in a position of power,” Ozimec told BIRN.

In Serbia, Vojtehovski said she was still dealing with the psychological impact of the online abuse she receives.

“I don’t know what they look like and whether they will cross the boundaries of written communication,” she said of her tormentors. “You live with it and you are supposed to get used to it. I never did.”

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now