“Pentaguard” – A Ransomware Group of Four, Arrested in a House Raid


The members of a well-known ransomware group commonly known as “Pentaguard” have been taken into custody. The gang was behind the massive operation of slipping “Locky Ransomware” into hospital systems, as well as other potential cybercrimes.

The group's members were found in two locations, Romania and Moldova, in a house raid by a Romanian law enforcement agency. The operation was officially called “Operation Spearhead”.

What are they being charged with?

  • Computer forgery
  • Alteration of computerized data
  • Illegal access to computer systems
  • Use of computers and programs for cyber terrorism

According to government agencies, these are a few of the many charges that the newly formed group will be facing.

How did they carry out the cyber attacks?

According to researchers and official authorities, “Pentaguard” conducted most of its cyber attacks in a two-step process.

First, they would use SQL injection against the targeted systems as the initial step. SQL injection is a code injection technique in which attackers insert malicious SQL statements into an entry field.

The second step consisted of uploading the actual malware, such as Locky, which enabled them to spread remote access trojans (RATs) and conduct extortion campaigns against medical facilities regarding the threats of COVID-19.

Healthcare and medical institutions continue to be attacked relentlessly throughout the world, even though some ransomware groups, like Maze, claimed to back off during the ongoing coronavirus pandemic.

Renowned online media source ThreatPost published a statement from Romanian officials: “Through this type of attack, there is the possibility of blocking and severely disrupting the functioning of the IT infrastructure of those hospitals, part of the health system, which plays a decisive and decisive role at this time, to combat the pandemic with the new coronavirus,