Il: Ransomware attack on Israeli IT company impacts more than 100 customers, including hospitals

Posted on by chum1ng0

Note: this report is a summary based entirely on machine translation of articles on ynet by Tal Shahaf and Calcalist by Raphael Kahan.

Shahaf reports that  Pionet , which is owned by Malam Tim, suffered a ransomware attack that has paralyzed many of the company’s systems and the sites of more than a hundred of the company’s customers, including Assuta, Rambam, Hadassah, Budget Car Rental Company, Sonol Fuel Company, and Apple importer Idigital. Idigital’s customers include the Israel Electric Corporation and Israel Railways.

The attackers have reportedly demanded a ransom of about half a million shekels (conversion: $151,861.82 USD). A ransom note demands an immediate/preliminary payment of $5000.00 in Monero.

Ransom Note
Image credit: ynet. Redacted by DataBreaches.net.

Kahan reports that the company had been warned months ago that its systems were vulnerable to attack, and the firm was reportedly given specific recommendations how to harden its security. As of the time of the attack, the company had allegedly not implemented any of them.

Both articles suggested inadequate security by Pionet had contributed to the attack, with the ynet article noting that the backup server had also been encrypted and an unnamed cybersecurity expert claiming that the customers, too, had failed to take proper security precautions. Of note, there was a report that once the attackers gained a foothold in Pionet, they were able to reach all systems managed by Pionet because they allegedly all used the same password.

The Assuta hospital, one of those impacted by the attack, reported that their appointment system was impacted for one day. It is not yet clear whether any patient information or care other than appointment scheduling was impacted by the attack on Pionet, but there  was a report that only marketing systems for hospitals were impacted.

Malam Tim had not issued any statement at the time these articles were published. The type of ransomware was not reported and while Calcalist reported some speculation that this might be the work of Iranians, there has been no proof of that.

Reporting by Chum1ng0, editing by Dissent

Category: Business SectorMalwareSubcontractor