Cyber Incident Victim: Pionet
Date:
Jul 2021
Location:
Israel
Summary
A ransomware attack on Israeli IT provider Pionet paralyzed its systems and impacted over 100 customers, including hospitals and major corporations such as Assuta, Rambam, Budget Car Rental, and Apple importer Idigital. Attackers demanded approximately $152,000, with an initial $5,000 payment in Monero, after exploiting unaddressed vulnerabilities for which the company had received prior warnings. Security failures included unhardened systems, an encrypted backup server, and shared credentials across all managed customer systems enabling widespread compromise. Hospital appointment scheduling experienced one-day disruptions, though only marketing systems were confirmed affected, with no verified exposure of patient data or broader care impacts. The parent company did not publicly comment following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around July 19, 2021, Israeli IT company Pionet, owned by Malam Tim, suffered a ransomware attack that paralyzed its internal systems and compromised the websites of more than 100 customer organizations. The attackers encrypted critical infrastructure, including Pionet’s backup server, and demanded a ransom of approximately 500,000 shekels ($151,861.82 USD), with an immediate preliminary payment of $5,000 in Monero cryptocurrency. Affected customers spanned multiple sectors, including healthcare providers Assuta, Rambam, and Hadassah hospitals, commercial entities Budget Car Rental and Sonol Fuel Company, and technology firm Idigital—whose clients included Israel Electric Corporation and Israel Railways. Reports indicated Pionet had been warned months prior about specific vulnerabilities in its systems and provided with security hardening recommendations, none of which were implemented before the attack. The intrusion reportedly exploited weak credential practices, as all systems managed by Pionet used the same password, enabling attackers to access all customer environments after initial compromise.
The attack disrupted critical services across Pionet’s client base, with Assuta Hospital confirming its appointment scheduling system was nonfunctional for one day. While initial assessments suggested only hospital marketing systems were affected, the full impact on patient care or data exposure remained unverified at the time of reporting. Cybersecurity experts cited in source material attributed the breach to inadequate security measures by both Pionet and its customers, noting systemic failures in basic precautions. No public statements were issued by Malam Tim regarding remediation efforts, ransom payment status, or customer notifications. Although Calcalist reported unverified speculation about potential Iranian involvement, no evidence substantiated these claims. The ransomware variant used in the attack was not identified in available reports, and recovery timelines for affected systems were undisclosed.