Cyberattacks continue to interfere with vaccination efforts and municipal governments
Cyberattacks continue elsewhere as the two reports below show. One attack impacted the COVID-19 vaccination portal in the country of Georgia. An unrelated attack affected a municipality in Romania.
Like many countries, Georgia has been dealing with a significant increase in number of new COVID cases after previously lifting some restrictions.
On July 2, the country received one million doses of the Sinopharm and Sinovac vaccines from China. A reservation window was opened for people to register to get the vaccine, but on Saturday (July 3), the registration portal at booking.moh.gov.ge was hacked, disrupting the sign-up process for the day.
Ekhokavkaza reported (translation) that the Georgian Ministry of Internal Affairs launched an investigation into the cyberattack:
The Ministry of Internal Affairs opened a case under Articles 285 and 286 of the Criminal Code of Georgia – “illegal use of computer data and computer systems”, as well as “encroachment on computer data and computer systems.”
In an update on July 4, Tass reported that the site was restored nearly a day after the attack. Georgia’s National Center for Disease Control & Public Health issued a notice on its Facebook page that the booking page had been restored and citizens were encouraged to sign up to get vaccinated.
The municipality of Oradea issued a statement on July 5 about an attack. A machine translation indicates that in the “Counter Room” (Pyramid) on the first floor of the municipal hall, no functions could be performed other than collecting taxes and duties.
While the municipality reassured the public that 100% of the data would be recovered from the ransomware attack by using backups, it was not clear how long that restoration would take.
“Until its complete restoration, the IDC document management system will not be operational,” the municipality writes, apologizing for the inconvenience.
Puterea reported that the city administrator, Mihai Jurca, described the attack this way (translation):
The attack started from a file inserted on the City Hall servers that infected the surrounding files. In such cases, the protocol requires disconnecting the system, neutralizing the infected files, checking the databases to see if there are other affected files. The network in the office with the public was stopped for security reasons.
On July 6, the city announced that all operations had been resumed in the morning and all data had been recovered.
Neither Georgia nor Oradea mentioned the specific type of malware used in the attacks on them or who the threat actors might be. The Oradea incident was specifically identified as a ransomware incident. The Georgia incident was not labeled as such but sounds like it may have been one.
Reporting by Chum1ng0 with contributions by Dissent; editing by Dissent