FabSwingers.com > Forums > Ireland > HSE ransomware attack
HSE ransomware attack
Jump to: Newest in thread
 |
By *ubal1 OP Man
over a year ago
Newry Down |
The depths to which cyber criminals will sink in order to satisfy their greed has reached a new nadir, withe the ransomware attack on Ireland's Health Service Executive.
This type of attack is normally on commercial and business organisations, such as the recent attack in the USA on the fuel pipeline that caused panic buying of fuel.
Greed is clearly the principal motivation, but I am puzzled about the psychology of criminals who have attacked a national health service, to extract a ransom.
Regrettably this type of crime is easier to execute in an IT-based and interconnected society.
The expertise of these criminals and their professional associates means it is highly unlikely that they will ever be caught, or deterred from future attacks. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
It is interesting that not a single person has commented on this posting; this attack has massively disrupted Ireland's health service (and Tusla) and will continue to do so, potentially for several months. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
It's serious of course but it's up to the HSE to maintain their IT systems to at least reduce the chances of this happening and above all not pay any ransom. The system ticked on albeit in a hampered way. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
Yeah it's terrible but inevitable. It has happened to loads of organisations. Cyber criminals are looking for targets like this with sensitive data to extort money. I would be hoping the HSE and their highly paid IT security consultants and engineers were expecting this and have backups in place of all data so they don't have to pay the ransom. But then their is the problem of data being stolen. The HSE IT Systems are massive so creates many more opportunities to hack....weak links and that includes people working for HSE opening malicious links in emails and falling for phishing scams. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
They're not particularly bothered about who they attack, the principal motive is to pick a ripe target and obviously with the HSE they have that. There's lots of sensitive data on their systems. I'm the HSE have it safely backed up but the real risk is that the cyber criminals might threaten to put such data on a website where it could be accessed. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *dfabMan
over a year ago
Dunboyne |
"Definitely will impact people waiting on critical test results, medication management and all sorts of surgeries and appointments. People will & could die from the delays..  "
 This!!
Whatever about companies, who should increase their IT spend exponentially as they grow, no national health service in the world has been able to do this.
The very sad fact is that there will likely be lives lost as a result of this.
Whatever slight respect I had for hackers, as an IT head, is gone with this attack.
People's lives should never be held to ransom and that's what this is. Interpol should be involved and these folks traced and prosecuted to the highest order. |
Reply privately, Reply in forum +quote
or View forums list | |
Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.
I imagine servers they have cannot be trusted again for potential leaking of data? |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
"Perhaps this will teach them to invest in modern IT systems, maintain them properly, and pay for up to date security systems."
I am certain that the seriousness of this ransomware attack is only going to become evident over the coming weeks; IT systems' security within national and privatised health services is notoriously poor because of a lack of investment, inadequate expertise inhouse and insufficient forethought and preplanning to establish robust firewalls.
The US fuel pipeline last week allegedly have to pay 33% of the demanded sum of 15,000,000 dollars.
Appointments that were affected by the pandemic are being cancelled, much to the distress of HSE users.
Watch this space!
|
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
"Whatever happened to offside and offline backups. When I worked in IT we could restore a server in a couple hours."
I haven't yet been out to get the Irish Times, but from RTE news reports, this is a lot more serious that data theft or encryption.
The system is being actively attacked by the hackers in real time; this particular ransomware has been around since last year and is exceptionally insidious.
I'm sure the IT will have a thorough analysis. |
Reply privately, Reply in forum +quote
or View forums list | |
"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.
I imagine servers they have cannot be trusted again for potential leaking of data? "
They would be better off paying the hackers the ransom they demand although they haven't specified the amount they want.. If they don't pay up I'd imagine a simple click could destroy their system forever.. Most likely Russian or Chinese hackers... |
Reply privately, Reply in forum +quote
or View forums list | |
"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.
I imagine servers they have cannot be trusted again for potential leaking of data?
They would be better off paying the hackers the ransom they demand although they haven't specified the amount they want.. If they don't pay up I'd imagine a simple click could destroy their system forever.. Most likely Russian or Chinese hackers... "
I still don't really understand how this can cause so much damage. If they have data backups then why can't they just take the systems offline patch whatever hole they used in the first place to secure it, then restore the data, change passwords as they are probably compromised, and you're back online. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
This attack is being orchestrated by professional extortionists who are very good at their business, and are not necessarily Russian, North Korean or Chinese agencies.
Payment of the ransom is usually via a cryptocurrency; Bitcoin or a rival.
Apparently, patches or password changes or data retrieval won't be enough according to RTE correspondent, Will Goodbody. |
Reply privately, Reply in forum +quote
or View forums list | |
"This attack is being orchestrated by professional extortionists who are very good at their business, and are not necessarily Russian, North Korean or Chinese agencies.
Payment of the ransom is usually via a cryptocurrency; Bitcoin or a rival.
Apparently, patches or password changes or data retrieval won't be enough according to RTE correspondent, Will Goodbody."
Wow. I guess they are exploiting some kind of unpatched and unknown bug. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *aid backMan
over a year ago
by a lake with my rod out |
"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.
I imagine servers they have cannot be trusted again for potential leaking of data?
They would be better off paying the hackers the ransom they demand although they haven't specified the amount they want.. If they don't pay up I'd imagine a simple click could destroy their system forever.. Most likely Russian or Chinese hackers... "
If you pay them once you'll have to keep paying them. |
Reply privately, Reply in forum +quote
or View forums list | |
"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.
I imagine servers they have cannot be trusted again for potential leaking of data?
They would be better off paying the hackers the ransom they demand although they haven't specified the amount they want.. If they don't pay up I'd imagine a simple click could destroy their system forever.. Most likely Russian or Chinese hackers...
I still don't really understand how this can cause so much damage. If they have data backups then why can't they just take the systems offline patch whatever hole they used in the first place to secure it, then restore the data, change passwords as they are probably compromised, and you're back online. "
They probably have some nasty heuristic virus planted in the hse server which can be armed at will.. Its serious.. People personal data has been compromised no doubt.. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
This ransomware attack, using the Conti malware, and probably originating from the Russian Spider criminal group in St.Petersburg has taken a further sinister twist; aside from the 85,000 computers and servers being infected for at least the past two weeks, the Department's computer has also been infected.
HSE employees have been obliged to return a to handwritten system of working and access to previous records, reports, analyses and other diagnostic tools has been unavailable.
This is a disaster for the Republic's health service, that has already been overstretched by Covid infections and the problematic vaccination programme.
Government ministers have stated that payment (of the ransom) will never happen but much larger and more professionally managed organisations have been obliged to pay within the last few years to avoid the demise of their organisations.
Ransomware is effectively a new form of terrorism, that thrives within nation states such as Russia, which does not have any extradition agreements with western economies.
It is probably inevitable that deaths will occur because of cancelled appointments and surgical procedures, over the coming months. |
Reply privately, Reply in forum +quote
or View forums list | |
"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.
I imagine servers they have cannot be trusted again for potential leaking of data?
They would be better off paying the hackers the ransom they demand although they haven't specified the amount they want.. If they don't pay up I'd imagine a simple click could destroy their system forever.. Most likely Russian or Chinese hackers... "
How much do you want to bet it was Israeli hackers? They are some of the worst (best) in the world. They are notorious for targeting governments - like Iran and any others that defy them or point out their authoritarianism. When did Ireland start to revolt against the missile strikes and call for the removal of the Israeli ambassador? And when did this happen? There was also an attack on the Dept of Health. It's not out of the realm of possibility. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
"
How much do you want to bet it was Israeli hackers? They are some of the worst (best) in the world. They are notorious for targeting governments - like Iran and any others that defy them or point out their authoritarianism. When did Ireland start to revolt against the missile strikes and call for the removal of the Israeli ambassador? And when did this happen? There was also an attack on the Dept of Health. It's not out of the realm of possibility. "
In this interconnected world, anything is possible; but the consuls is that a modified version of the Ryuk ransomware is probably responsible.
I was speaking to a computer specialist yesterday who told me that the navigation specialists, Garmin, had been targeted last year and paid out 20,000,000 dollars to a group of Russian hackers, in order that this international company could continue to function.
This coming week will be interesting for the already overstretched HSE and associated agencies, such as Tusla.
Israeli hackers have been successfully targeting the Iranian nuclear fuel processing facilities, which wants to manufacture nuclear weapons; some elements within Iran have stated their intention to wipe Israel off the face of the earth.
|
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
Some hospitals, that have long since abandoned any paper-based systems have now been crippled, and are obliged to suspend operations for the next seven days.
Elective surgery appointments have been cancelled, as have many other procedures.
I find it difficult to understand the mindset of the instigators of this despicable disruption that may cost lives, and is causing enormous distress to those with health issues.
Unfortunately, these hackers will probably never be brought to account, because no extradition agreements exist with the former USSR. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
There was an excellent analysis of this issue on Live line today-Monday; worth listening to on RTE Player.
Interview with professional reformed Irish hacker, who is now employed as security IT consultant. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *ubal1 OP Man
over a year ago
Newry Down |
It is not necessarily that they receive Russian government funding, but that a blind eye is turned to their criminal activities abroad, if they assist Putin's agencies, if instructed to do so.
A perverse symbiotic relationship.
Watch to see how serious this situation will become over the coming months; their will be deaths in Ireland because of this ransomware attack. It is extremely serious. |
Reply privately, Reply in forum +quote
or View forums list | |
» Add a new message to this topic
this is only getting worse.. 
