FabSwingers.com forum: HSE ransomware attack

By *ubal1 OP Man
over a year ago

Newry Down

The depths to which cyber criminals will sink in order to satisfy their greed has reached a new nadir, withe the ransomware attack on Ireland's Health Service Executive.

This type of attack is normally on commercial and business organisations, such as the recent attack in the USA on the fuel pipeline that caused panic buying of fuel.

Greed is clearly the principal motivation, but I am puzzled about the psychology of criminals who have attacked a national health service, to extract a ransom.

Regrettably this type of crime is easier to execute in an IT-based and interconnected society.

The expertise of these criminals and their professional associates means it is highly unlikely that they will ever be caught, or deterred from future attacks.

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

It is interesting that not a single person has commented on this posting; this attack has massively disrupted Ireland's health service (and Tusla) and will continue to do so, potentially for several months.

Reply privately

Reply in forum

Reply +quote

By (user no longer on site)
over a year ago

Be grand..

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

Not so; the medical, administrative and IT experts are troubled by this.

Reply privately

Reply in forum

Reply +quote

By (user no longer on site)
over a year ago

It's serious of course but it's up to the HSE to maintain their IT systems to at least reduce the chances of this happening and above all not pay any ransom. The system ticked on albeit in a hampered way.

Reply privately

Reply in forum

Reply +quote

By *og-ManMan
over a year ago

somewhere

Not just the HSE ...a fair few companies had no access to emails today while servers were down being checked

Reply privately

Reply in forum

Reply +quote

By (user no longer on site)
over a year ago

Yeah it's terrible but inevitable. It has happened to loads of organisations. Cyber criminals are looking for targets like this with sensitive data to extort money. I would be hoping the HSE and their highly paid IT security consultants and engineers were expecting this and have backups in place of all data so they don't have to pay the ransom. But then their is the problem of data being stolen. The HSE IT Systems are massive so creates many more opportunities to hack....weak links and that includes people working for HSE opening malicious links in emails and falling for phishing scams.

Reply privately

Reply in forum

Reply +quote

By (user no longer on site)
over a year ago

They're not particularly bothered about who they attack, the principal motive is to pick a ripe target and obviously with the HSE they have that. There's lots of sensitive data on their systems. I'm the HSE have it safely backed up but the real risk is that the cyber criminals might threaten to put such data on a website where it could be accessed.

Reply privately

Reply in forum

Reply +quote

By *onny26IrishMan
over a year ago

cork

Definitely will impact people waiting on critical test results, medication management and all sorts of surgeries and appointments. People will & could die from the delays..

Reply privately

Reply in forum

Reply +quote

By *anzorMan
over a year ago

Dublin

It doesn't surprise me at all.

The HSE doesn't have a decent IT system .. There's no nationwide database ..its all too disjointed .. They need a central database .. And a proper IT centre ..

Reply privately

Reply in forum

Reply +quote

By *dfabMan
over a year ago

Dunboyne

"Definitely will impact people waiting on critical test results, medication management and all sorts of surgeries and appointments. People will & could die from the delays..

This!!

Whatever about companies, who should increase their IT spend exponentially as they grow, no national health service in the world has been able to do this.

The very sad fact is that there will likely be lives lost as a result of this.

Whatever slight respect I had for hackers, as an IT head, is gone with this attack.

People's lives should never be held to ransom and that's what this is. Interpol should be involved and these folks traced and prosecuted to the highest order.

Reply privately

Reply in forum

Reply +quote

By *onny26IrishMan
over a year ago

cork

Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.

I imagine servers they have cannot be trusted again for potential leaking of data?

Reply privately

Reply in forum

Reply +quote

By *ilthyNightsCouple
over a year ago

East / North, Cork

Perhaps this will teach them to invest in modern IT systems, maintain them properly, and pay for up to date security systems.

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

"Perhaps this will teach them to invest in modern IT systems, maintain them properly, and pay for up to date security systems."

I am certain that the seriousness of this ransomware attack is only going to become evident over the coming weeks; IT systems' security within national and privatised health services is notoriously poor because of a lack of investment, inadequate expertise inhouse and insufficient forethought and preplanning to establish robust firewalls.

The US fuel pipeline last week allegedly have to pay 33% of the demanded sum of 15,000,000 dollars.

Appointments that were affected by the pandemic are being cancelled, much to the distress of HSE users.

Watch this space!

Reply privately

Reply in forum

Reply +quote

By *ilthyNightsCouple
over a year ago

East / North, Cork

Whatever happened to offside and offline backups. When I worked in IT we could restore a server in a couple hours.

Reply privately

Reply in forum

Reply +quote

By *ilthyNightsCouple
over a year ago

East / North, Cork

*offsite

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

"Whatever happened to offside and offline backups. When I worked in IT we could restore a server in a couple hours."

I haven't yet been out to get the Irish Times, but from RTE news reports, this is a lot more serious that data theft or encryption.

The system is being actively attacked by the hackers in real time; this particular ransomware has been around since last year and is exceptionally insidious.

I'm sure the IT will have a thorough analysis.

Reply privately

Reply in forum

Reply +quote

By *osmicGateMan
over a year ago

louth

"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.

I imagine servers they have cannot be trusted again for potential leaking of data? "

They would be better off paying the hackers the ransom they demand although they haven't specified the amount they want.. If they don't pay up I'd imagine a simple click could destroy their system forever.. Most likely Russian or Chinese hackers...

Reply privately

Reply in forum

Reply +quote

By *ilthyNightsCouple
over a year ago

East / North, Cork

"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.

I imagine servers they have cannot be trusted again for potential leaking of data?

I still don't really understand how this can cause so much damage. If they have data backups then why can't they just take the systems offline patch whatever hole they used in the first place to secure it, then restore the data, change passwords as they are probably compromised, and you're back online.

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

This attack is being orchestrated by professional extortionists who are very good at their business, and are not necessarily Russian, North Korean or Chinese agencies.

Payment of the ransom is usually via a cryptocurrency; Bitcoin or a rival.

Apparently, patches or password changes or data retrieval won't be enough according to RTE correspondent, Will Goodbody.

Reply privately

Reply in forum

Reply +quote

By *ilthyNightsCouple
over a year ago

East / North, Cork

"This attack is being orchestrated by professional extortionists who are very good at their business, and are not necessarily Russian, North Korean or Chinese agencies.

Payment of the ransom is usually via a cryptocurrency; Bitcoin or a rival.

Apparently, patches or password changes or data retrieval won't be enough according to RTE correspondent, Will Goodbody."

Wow. I guess they are exploiting some kind of unpatched and unknown bug.

Reply privately

Reply in forum

Reply +quote

By *aid backMan
over a year ago

by a lake with my rod out

"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.

I imagine servers they have cannot be trusted again for potential leaking of data?

If you pay them once you'll have to keep paying them.

Reply privately

Reply in forum

Reply +quote

By *osmicGateMan
over a year ago

louth

"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.

I imagine servers they have cannot be trusted again for potential leaking of data?

They probably have some nasty heuristic virus planted in the hse server which can be armed at will.. Its serious.. People personal data has been compromised no doubt..

Reply privately

Reply in forum

Reply +quote

By (user no longer on site)
over a year ago

Think the HSE has agreed to pay. The hackers are now gone on a 3 year waiting list to get an appointment ????

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

This ransomware attack, using the Conti malware, and probably originating from the Russian Spider criminal group in St.Petersburg has taken a further sinister twist; aside from the 85,000 computers and servers being infected for at least the past two weeks, the Department's computer has also been infected.

HSE employees have been obliged to return a to handwritten system of working and access to previous records, reports, analyses and other diagnostic tools has been unavailable.

This is a disaster for the Republic's health service, that has already been overstretched by Covid infections and the problematic vaccination programme.

Government ministers have stated that payment (of the ransom) will never happen but much larger and more professionally managed organisations have been obliged to pay within the last few years to avoid the demise of their organisations.

Ransomware is effectively a new form of terrorism, that thrives within nation states such as Russia, which does not have any extradition agreements with western economies.

It is probably inevitable that deaths will occur because of cancelled appointments and surgical procedures, over the coming months.

Reply privately

Reply in forum

Reply +quote

By *onny26IrishMan
over a year ago

cork

Department of health hit today as well

this is only getting worse..

Reply privately

Reply in forum

Reply +quote

By *urydiceRisingWoman
over a year ago

Dublin

"Just saw a article online as well they are refusing to pay the ransom as per government policy, so will be days even weeks before its sorted out.

I imagine servers they have cannot be trusted again for potential leaking of data?

How much do you want to bet it was Israeli hackers? They are some of the worst (best) in the world. They are notorious for targeting governments - like Iran and any others that defy them or point out their authoritarianism. When did Ireland start to revolt against the missile strikes and call for the removal of the Israeli ambassador? And when did this happen? There was also an attack on the Dept of Health. It's not out of the realm of possibility.

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

In this interconnected world, anything is possible; but the consuls is that a modified version of the Ryuk ransomware is probably responsible.

I was speaking to a computer specialist yesterday who told me that the navigation specialists, Garmin, had been targeted last year and paid out 20,000,000 dollars to a group of Russian hackers, in order that this international company could continue to function.

This coming week will be interesting for the already overstretched HSE and associated agencies, such as Tusla.

Israeli hackers have been successfully targeting the Iranian nuclear fuel processing facilities, which wants to manufacture nuclear weapons; some elements within Iran have stated their intention to wipe Israel off the face of the earth.

Reply privately

Reply in forum

Reply +quote

By (user no longer on site)
over a year ago

For once the silo culture in the HSE will save them.

Nothing is integrated

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

Some hospitals, that have long since abandoned any paper-based systems have now been crippled, and are obliged to suspend operations for the next seven days.

Elective surgery appointments have been cancelled, as have many other procedures.

I find it difficult to understand the mindset of the instigators of this despicable disruption that may cost lives, and is causing enormous distress to those with health issues.

Unfortunately, these hackers will probably never be brought to account, because no extradition agreements exist with the former USSR.

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

There was an excellent analysis of this issue on Live line today-Monday; worth listening to on RTE Player.

Interview with professional reformed Irish hacker, who is now employed as security IT consultant.

Reply privately

Reply in forum

Reply +quote

By *osmicGateMan
over a year ago

louth

Apparently this group have received funding from the Russian government and Putin came out earlier stating that he would assist the Irish government if they asked for help

Reply privately

Reply in forum

Reply +quote

By *ubal1 OP Man
over a year ago

Newry Down

It is not necessarily that they receive Russian government funding, but that a blind eye is turned to their criminal activities abroad, if they assist Putin's agencies, if instructed to do so.

A perverse symbiotic relationship.

Watch to see how serious this situation will become over the coming months; their will be deaths in Ireland because of this ransomware attack. It is extremely serious.

Reply privately

Reply in forum

Reply +quote

Post new Message to Thread