Romanian authorities said the four were members of a hacking group that went online as PentaGuard.
Romania's Directorate for Investigating Organized Crime and Terrorism (DIICOT) said the group's members owned malware such as remote access trojans and ransomware, tools to perform website defacements, and tools to exploit SQL injection vulnerabilities to breach web servers and steal data.
DIICOT said it learned that the group was preparing attacks against Romanian hospitals, where they were planning to deploy ransomware.
DIICOT -- aided by Romania's secret service agency (SRI) -- said the hackers intended to send emails with COVID-19 lures to hospitals to infect computers, encrypt files, and disrupt hospital activity.
Suspected group members have now been detained by authorities. Group member names have not been publicly released.
