On Sunday, the National Cyber Directorate and Health Ministry in Israel declared it had noticed a dramatic increase in attacks conducted by ransomware threat actors over the weekend, which targeted the networks of at least nine Israeli hospitals and health centers.

According to the joint statement, the targeted Israeli hospitals and health organizations didn’t suffer any damage, as measures such as identifying the flaws and securing them had been taken in advance to prevent the attacks from being successful. Also, the local IT teams were very efficient, and their response was quick. 

A Ransomware Attack Took Place Before the Weekend

Unfortunately, Hillel Yaffe Medical Center in Hadera wasn’t so lucky. The measures mentioned above were taken in response to a ransomware attack on the health institution on Wednesday.

Hillel Yaffe Medical Center in Hadera was impacted by a significant ransomware attack that destroyed the majority of the medical center’s computer systems.

For the time being, the health center is still struggling to restore its systems, and for the sixth day in a row, its employees are admitting patients and circulating exams on “pen and paper.”

It will take some time for the hospital to return to normal operations, but there’s hope. However, Hillel Yaffe Medical Center is concerned that some medical records will be forever lost, as the attackers allegedly accessed the backup system and erased all the copies saved there in case of emergency.

Reuven Eliyahu, the cybersecurity chief in the Health Ministry declared:

This is probably a Chinese hacker group that broke away from another group and started working in August. The motive for the attack was purely financial.


Hillel Yaffa Medical Center can’t pay the requested ransom as it is a government-owned hospital, and by law, it is prohibited from negotiating with cybercriminals or paying a ransom.

Who Is Responsible for the Hillel Yaffa Medical Center Attack?

It is believed that the Chinese group of hackers using the ‘DeepBlueMagic’ ransomware strain are behind the attack.

On Wednesday, the 11th of August, in the morning, our team of security experts was alerted to an incident that turned out to be a new ransomware strain along with a ransomware note, signed by a group dubbing themselves ‘DeepBlueMagic’.

As we said in the article, the new ransomware strain is a complex one, displaying a certain amount of innovation from the standard file-encryption approach of most others.

DeepBlueMagic is notorious for deactivating security solutions that normally notice and block file encryption efforts, allowing successful attacks to occur.

According to BleepingComputer, the organizations are recommended to take the following measures:

  • Review the IOCs in the CSV file and check if they have been observed in their environment.
  • Perform an active scan of all systems and include the file hashes in the organization’s AV/EDR solutions.
  • Make sure all VPN and email servers are upgraded to the latest version to resolve any vulnerabilities that threat actors can use to gain access to internal networks.
  • If servers are not up to date, update them and perform password resets for all users.
  • Increase monitoring for unusual events in the corporate networks.
  • Report any breaches or unusual activity to the Israeli Israel National Cyber Directorate.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Recent Ransomware Attacks

Ransomware Payouts in Review: Highest Payments, Trends & Stats

Ransomware Explained. What It Is and How It Works

DeepBlueMagic Ransomware Strain Discovered by Heimdal™ – New Ransomware, New Method

Leave a Reply

Your email address will not be published. Required fields are marked *