Irish health service hit by cyber attack

https://www.rte.ie/news/health/2021/0514/1221519-hospital-it-problem/
https://www.irishtimes.com/news/hea...stems-amid-significant-cyber-attack-1.4564957

 

"Warning of widespread cancellations for HSE patients if ransomware attack not resolved by Monday

Minister reveals Department of Health also targeted..."

https://www.independent.ie/irish-ne...e-attack-not-resolved-by-monday-40427449.html

 

I hope GCHQ and MI5 are taking note of all these recent attacks around the world.

 

https://www.irishtimes.com/business...-after-cyberattack-could-take-weeks-1.4565598
https://www.rte.ie/news/coronavirus/2021/0515/1221735-hse-cyber-atack/

 

"Ireland’s Health Services hit with $20 million ransomware demand

Ireland’s health service, the HSE, says they are refusing to pay a $20 million ransom demand to the Conti ransomware gang after the hackers encrypted computers and disrupted health care in the country...

Yesterday, a cybersecurity researcher shared a screenshot of a chat between Conti and Ireland's HSE with BleepingComputer.

In the screenshot, the Conti gang claims to have had access to the HSE network for two weeks. During this time, they claim to have stolen 700 GB of unencrypted files from the HSE, including patient info and employee info, contracts, financial statements, payroll, and more.

The Conti ransomware operation is believed to be run by a Russia-based cybercrime group known as Wizard Spider...

This group uses phishing attacks to install the TrickBot and BazarLoader trojans that provide remote access to the infected machines..."

https://www.bleepingcomputer.com/ne...rvices-hit-with-20-million-ransomware-demand/

 

"Irish Health Care System Suffers New Cyber Attack

(Bloomberg) -- Ireland’s Department of Health is grappling with a new cyber attack as the country’s health service faces a third day of disruption after hackers forced the shutdown of its computer systems.

The Department of Health has been hit by an attack similar to the ransomware one carried out last week on the country’s Health Service Executive...the department has also shut down its systems..."

https://www.bnnbloomberg.ca/irish-health-care-system-suffers-new-cyber-attack-rte-reports-1.1604461

 

Cmon, attacking the health care system? That's too much. They might literally be killing people.

Like, I don't see much harm in attacking a private company, companies are way too rich anyway and it helps distribute the money more balancedly, as well as raising awareness for security. But healthcare? Cmon...

 

"Fixing damage of cyber attack on Republic's health service will cost ‘tens of millions' – HSE...

Fixing the damage to the health service’s IT systems following the cyber attack will costs 'tens of millions' of euro, HSE boss Paul Reid has said.

The impact of the attack on services is expected to last throughout this week and beyond, with thousands of patients facing cancelled appointments and delays..."

https://www.irishnews.com/news/repu...ttack-will-cost-tens-of-millions-hse-2325201/

 

https://www.rte.ie/news/health/2021/0517/1222037-hse-ransomware-attack/
This story has, this morning, 'evolved' into this, perhaps it's a party 'opposition' issue?
HSE warns it will take weeks to fix IT systems

Today's latest seems to be this (atm): Martin says cyber attack 'significant threat' to State

 

"Army drafted in to bring laptops and PCs to hospitals stricken by cyber attack...

The Defence Forces will now assist and support the HSE in the deployment of devices such as servers, desktops and PCs at locations nationwide. They will also provide operational support nationally to the HSE...

There are approximately 2,000 IT patient-facing systems, each supported by infrastructure, multiple servers and devices. They are being put through a rigorous process of assessment and recovery in a controlled and structured way.

In addition there are 80,000 HSE devices which also need to be checked..."

https://www.independent.ie/irish-ne...pitals-stricken-by-cyber-attack-40436415.html

 

"Wizard Spider profile: Suspected gang behind HSE attack is part of world’s first cyber-cartel..."

Interesting 5-minute read.

Here's the missing link:

https://www.irishtimes.com/news/crime-and-law/wizard-spider-profile-suspected-gang-behind-hse-attack-is-part-of-world-s-first-cyber-cartel-1.4568806#:~:text=Health service attack regarded as,any proxy attack by Russia&text=The Russian-speaking cybercrime gang,the world's first cyber-cartel.

 

"Hackers threaten to release HSE data if ransom is not paid by Monday

Cybercriminals have today threatened to release the data by Monday if the ransom is not paid..."

https://www.independent.ie/irish-ne...t-sets-up-crimeline-for-victims-40449259.html

 

"HSE secures injunctions restraining sharing of hacked data

HSE CEO Paul Reid tells court he fears all of the HSE’s data ‘is potentially compromised’...

The HSE has secured injunctions from the High Court restraining any sharing, processing, selling or publishing of data stolen from its computer systems in a massive cyberattack.

The main purpose of the orders, the court heard, is to put legitimate information service providers such as Google and Twitter on notice of a legal prohibition on the sharing and publication of the HSE information..."

https://www.irishtimes.com/news/cri...-restraining-sharing-of-hacked-data-1.4570769

 

"Cybergang provides decryption tool to unlock HSE systems

Russian-speaking gang is still threatening to publish patient files unless ransom is paid

The ransomware group targeting the HSE has given the Irish authorities a decryption tool that it says will enable them to recover their IT systems and the files that hackers locked and encrypted.

However, the Russian-speaking cyber gang behind the attack is still threatening to share the information, including personal information relating to patients, on the darknet and to sell some of it to other criminals if the ransom is not paid..."

https://www.irishtimes.com/news/cri...cryption-tool-to-unlock-hse-systems-1.4570765

 

"Decryption tool tested after hack of Irish health service

The Irish Government has said a decryption tool has been made available following a ransomware hack of the health service IT system...

'A detailed technical process to ensure the integrity of this decryption tool is being carried out by the NCSC and private contractors,' the Government said in a statement on Thursday evening...

'This is to ensure that this tool would support restoration of our systems rather than cause further harm'..."

https://www.standard.co.uk/news/uk/irish-government-hse-micheal-martin-b936377.html

 

State did not pay ransom for decryption key - Donnelly

Hope the attackers may have had a change of heart?

 

"Initial tests on decryption key supplied by HSE hackers ‘positive’ – Donnelly

Health Minister Stephen Donnelly has described initial tests on the decryption key supplied by the health service IT hackers as 'positive'..."

https://www.belfasttelegraph.co.uk/...y-hse-hackers-positive-donnelly-40452454.html

 

Cyber attack decryption key 'validated' but 'flawed'

And presumably this (to which I haven't noticed reference?) is known about and employed:

https://www.bleepingcomputer.com/ne...se-ireland-free-decryptor-still-selling-data/

 

"Decryption tool functional but unlikely to offer ‘quick fix’

The tool...is described as “buggy” and “flawed”...

It has been confirmed that the key can be used to decrypt HSE systems but this will take some time and all systems will have to be checked thoroughly before they can reactivated, a process which may take weeks...

In fact, officials may decide to not use the key at all if it is determined that it will be quicker to manually restore the data from HSE backups, as has been happening to date...

The use of the key will be made even slower by the HSE’s out-of-date computer systems, sources said. Much of its network still uses Windows 7..."

https://www.irishtimes.com/news/cri...nal-but-unlikely-to-offer-quick-fix-1.4571472

 

"HSE staff asked to turn on computers but it will 'take weeks to get back online'

HSE staff have been asked to turn on their computers so that the decryption key sent by the cyberattackers can be downloaded across 80,000 devices, but have been warned the devices cannot yet be used.

The advice to staff came as the HSE's chief information officer said it will 'take weeks to get back online'.

Fran Thompson said restoring access to data has to be done in a safe and careful manner and 'we anticipate this will take a number of weeks in total'..."

https://www.irishexaminer.com/news/arid-40299407.html

 

"Cyber attack will likely cost HSE over €100 million, Paul Reid says

HSE CEO PAUL Reid has said it will likely cost over €100 million to deal with the fallout of the cyber attack on Ireland’s health service...

'“In terms of the network restoration, the IT costs and resource costs and extra costs by upgrading elements of our network and laptops … I said at the outset [that the cost of this] will be in the tens of millions and there is no doubt that €100 million will be the smaller figure in terms of the total cost of this'..."

https://www.thejournal.ie/cost-of-cyber-attack-on-hse-5449643-May2021/

 

70pc of devices back in use following HSE cyberattack
HSE CEO Paul Reid said the immediate financial costs of the ransomware attack is ‘well over €100m’.
June 23, 2021
https://www.siliconrepublic.com/enterprise/hse-cyberattack-decryption

 

Irish Ransomware Attack Recovery Cost Estimate: $600 Million
Director of HSE, Nation's Healthcare System, Describes the Costs
June 24, 2021
https://www.databreachtoday.com/irish-ransomware-attack-recovery-cost-estimate-600-million-a-16931

 

VirusTotal ordered to reveal private info of stolen HSE data downloaders
July 1, 2021
https://www.bleepingcomputer.com/ne...-private-info-of-stolen-hse-data-downloaders/