IT Professionals, Guilty

If you did pay them now, would they not just come back in a month and say "we still have the detail lads, we want another 20m"?

No way man, those lads are businessmen and gentlemen. Their word is their bond.

What's the leverage though? What could they do with it?

Just publish it publicly online.

It's probably not as big a deal as it would be for a company, where they might have accessed trade secrets, sensitive emails etc.

@gilgamboa in fairness with these things the operators are in it for money. If word gets out that the unlock keys don’t work or they double extort people it’s bad for business. The guys responding to this for the HSE will know this gang and how reliable they are. It would be a major deciding factor in whether to pay or not.

1 Like

No. That would stop future initial payments because people would know they’d end up in a blackmail situation

1 Like

HSE hackers made their first attack two weeks ago

John Mooney and Justine McCarthy

Sunday May 16 2021, 12.01am, The Sunday Times

Russian hackers first broke into the HSE computer network at least two weeks ago, infecting critical sections of it with ransomware. Before striking in the early hours of Friday morning, the group had spent days inserting malware across the entire network.

The hackers are thought to have initiated a number of easily detectable cyberattacks on Thursday night in order to conceal their earlier presence on the network, before triggering a full-scale ransomware attack at about 4am on Friday.

The full scale of the attack is still emerging. The network is being painstakingly cleaned and restarted, but it is expected to be at least another week before the system is fully operational again. The computer networks of the Department of Health and Tusla, the child and family agency, have been shut down as a precautionary measure.

Micheál Martin, the taoiseach, has said Ireland will not pay a ransom to the hackers, who are believed to be a collective of Russian hackers known as Conti. The attacks led to the cancellation of hospital appointments, including out-patients, radiology, and chemotherapy and radiation treatments for cancer patients. This disruption to patient services may continue for weeks.

The Defence Forces took control of the Covid-19 contact tracing service on Friday and it is now being operated by soldiers on a military-protected IT network.


The hacking group’s blog on the darknet has yet to mention the HSE attack but it has claimed responsibility for an attack on a Cork company earlier this month. Data stolen from that business is now available on the darknet.

The HSE has been advised that the hackers could begin releasing information on thousands of patients on the darknet, or possibly sell it to other criminals for use in fraud, if its ransom demands are not met. The security services and private firms contracted by the HSE to advise on the security breach are monitoring the darknet to check for this.

So far the HSE has been unable to establish whether patients’ files containing personal details have been compromised.

On Friday, the criminals sent a ransom note via the computer system instructing Irish officials to click on a link to read the details of their demands. The HSE did not click on the link, leaving it to gardai.

Investigators have so far failed to establish exactly how the hackers broke into the network but a HSE source said its dependence on thousands of out-of-date computers “is not relevant” to the attack.

Responding to a parliamentary question in December by Alan Kelly, the Labour Party leader, the HSE said 37,000 of its computers had not been upgraded from Microsoft Windows 7 to Windows 10 software. Microsoft has stopped protecting Windows 7 computers from viruses and malware unless it is specifically paid to do so. The HSE paid it €1 million last year and confirmed yesterday it made a second payment for the current year.

The scale of the attack has led to questions about the state’s approach to cybersecurity and the protection of its information networks. The National Cyber Security Centre has had no director for a year, and has just 24 staff with a budget of €5 million. By comparison the Data Protection Commission has 160 staff and a budget of €17 million.

“The government’s approach to protecting the state’s information technology is a joke,” said Dr Simon Woodworth, a lecturer in business information systems at University College Cork. “The government is completely underfunding IT security, which will inevitably result in more attacks.”

Paul Reid, the HSE director general, pointed out yesterday there had been cases where organisations had paid ransoms to hackers, and the data had not been returned. Speaking on RTE Radio’s Saturday with Katie Hannon, Reid said the standard approach from criminal groups was a “double extortion” attempt — to both withhold the hacked data, and also threaten to publish it online, unless a ransom was paid.

The Department of Health was unable to publish daily Covid data yesterday due to the shutdown of its system. The department said backdated figures would be published when possible. Reid said the HSE was confident it had secure backups of all the affected data, allowing it to “rebuild” the infrastructure.

Gardai suspect a consortium of Eastern European criminals — reported to be run by a Russian group called Wizard Spider — may have received state sponsorship off Moscow.

A Google search of “Wizard Spider Russia” has this link from October 2020 in the search results:

https://swivelsecure.com/solutions/healthcare/healthcare-is-the-biggest-target-for-cyberattacks/

Makes sense to go after a sector already under massive strain, more vulnerable and more likely to pay out given the extreme strain the sector is under in every state.

This is a terrorist attack. No doubt about it.

My own employer is under attack with a fortnight. Fortunately, after a major hacking incident 4 years ago where the business was nearly back to operating on a paper and pen for a month, they ploughed a huge amount into security and have managed to withstand these attacks. But I’d say you couldn’t get complacent for one minute here.

2 Likes

Under attack in what sense?

The hackers trying to do what they have done to the HSE.

Ya that’s what I mean. How are they trying to hack you? Is it via a stream of phishing emails or what?

God be with the days an auld DDoS attack that would have you down for an hour or two was all we were worrying about.

No head of cybersecurity for a year and a lousy budget. We were a sitting duck. You can compare this to the blame Trump got for cutting the budget to the pandemic response team only for a pandemic to come along.

Not a fkn clue pal… We are under attack is the most I know… Not near my bailiwick

The Department of Health has also been hit.

I think the Vaccine portal is managed by Salesforce so that shouldn’t be affected…

I’d imagine some interlinked system between the HSE and Department of Health allowed the infection to jump across, as opposed to a second standalone attack.

For FFS the variants again