Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.
A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer.
“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said.
What followed was a lengthy exchange in which the hackers told the employee that they had accessed 700 gigabytes of data of patients’ home addresses and other personal details through their computer.
The employee was told that a ransom of close to €15 million would be needed, the source said.
“The hackers gave the person they were corresponding with examples of the type of file they had downloaded and then threatened that they would start selling patient data on at the start of the week if there was no ransom paid,” the source explained.
It is understood the communication was in English, and the hackers provided a decryption key, saying that they would sell the data if the ransom wasn’t paid.
”The message was in very calm, non-threatening language. It was very transactional,” the source added.
The downloading of huge amounts of data by the criminal organisation had already taken place before it was discovered late last week.
Reports in recent days have claimed that a gang in Russia, known as Spider Wizard, are responsible for the hack.
However, it is believed that rather than being a single group of criminals, it was instead carried out by dozens of people spread across multiple locations.
Sources have told The Journal that the messages received did not identify the group as Spider Wizard.
When contacted by The Journal tonight, a HSE spokesperson refused to comment as it “was an active investigation”.
An earlier statement released by the HSE confirmed that an encryption key has been made available.
“The HSE is aware that an encryption key has been provided. However further investigations have to be conducted to assess if it will work safely, prior to attempting to use it on HSE systems,” it said.
The HSE this evening secured a High Court injunction to stop the illegal use of any data that may have been stolen during the ransomware attack.
To embed this post, copy the code below on your site
“US company Colonial Pipeline admitted paying $4.4 million in a ransom”. Americans, especially those in the private healthcare sector, who pay the criminals are a big part of this problem. Make it a crime to pay the criminals and this will stop very quickly.
@Earth Traveller: that would meen it would be an offence to pay taxes.
Im with ya
@Earth Traveller: lol boy. You make it sound SO simple!! who’d have guessed it would be so easy to stop cyber crime! I’m sorry but that is an unbelievablely naive way of thinking. I agree that paying ransoms doesn’t help. But not paying them won’t stop it “very quickly” they’ll just sell the information to people who will pay for it. These guys will always profit in some way. They won’t just give up and go home if companies refuse to pay.
Its a conspiracy theory but im thinking our seat on the UN security Council has something to do with this. Come on like.. a Russian state sponsored cyber attack suddenly fixed. I wonder what favours we gave away.
@Bernard McWilliams: You’re right about one thing Bernard, it is a conspiracy theory. What have we got that could possibly interest Putin, I doubt he could even find us on a map.
@Justin Gillespie: I admit, I might be watching too much House of Cards. haha. But to answer your question briefly, we have Influence and voting power on key issues that concern Russian powerplays in global political theatre.
@Bernard McWilliams: Not convinced Bernard, if there was real power there we wouldn’t be let anywhere near it. Ireland is window dressing nothing more.
@Bernard McWilliams: another few hundred houses to rent for the ruskies
@Justin Gillespie: Your probably right Justin. For the movie Im thinking Jason Statham as Stephen Donnelly who’s hell bent on knocking the heads off Demetri and the gang, of course helped by Tony Holohan (played by Bruce Willis) Haha. Ive too much time on my hands…gd luck!
Pay them of you haven’t already and invest in good IT system for crying out loud.
I’d say other departments are scrambling to secure their systems
@Tom Ripley: did you read the article Tom? The hackers have given up on the ransom as they realised they weren’t going to get it. They’ve handed over the decryption tool that the ransom was meant to pay for.
@AL:
except the doxxware side of it
@Ixtrix Net: sorry I’ve no idea what that is unfortunately
@AL: doxxware is where an attacker exfiltrates (super sneakily steals) sensitive data from your computer systems then tries to Ransom said senstive data back to you. In other words give us money or all this super confidential data you have gets auctioned off on the darkweb to the highest bidder.
@AL: well if you believe the minister on this… Why hand it over they have gov over a barrel and they locked them in first place I don’t think good conscience won over Russian cyber criminal. They don’t seem the type to cave in so easily
@AL: I think the order to give the key came from higher up in Russia, none of these guys operate without state approval, that why they don’t operate in Russia.
@Tom Ripley: should hire them to fix our IT system.
@Pat Casey: I agree. Putin let’s these gangs operate and can stop them when he wants too. We saw that during the world cup there when there was no trouble with their local hooligans. My guess is that after Simon Coveney spoke to their foreign minister Lavrov a call was put in to the the hackers to restore the HSE network. Ireland is no enemy of Russia. The hackers can still make money from the stolen data.
@AL: the article does not say that the gang has given up on the ransom, that is mere speculation. Giving a decryption key is irrelevant. The gang has medical data on tens of thousands of people. That’s where the money is and I imagine down the line that the government will pay for the return of this data and an assurance that no further files will be sold.
Put aside how we got the decryption tool, even if this is rolled out and it takes a week to unencrypt everything we still have a problem. Can we trust the data now? No. Is every PC on the network clean? Again, no. So the data has to be restored to a point in time when everyone is confident there was no incursion, that could be several weeks and there will be some loss. Every PC will have to be examined, and maybe destroyed and replaced. It will be costly.
@Arch Angel: We have Google, Microsoft, Apple and Amazon who all make secure safe Cloud hosting tech. They are all based here and they I’m sure would sort us out in return for all those cosy tax brakes. All the tech giants are here. Once we get the data back and decrypted we could get the situation under control very easily.
Maybe Putin told them not to fu(k with the Irish!
@Jim Carolan: Too much heat with this one, an entire country now knows of this group.
@Jim Carolan: Indeed, the have heard about the FCA.
My guess is that the ransom is already paid.
The encryption tool was handed over the night the attack came to light. They announced their presence and gave the encryption tool as proof that what they were saying was true. It only came as a government announcement yesterday but they’ve had it all along. The ransom is so they won’t publish/release/sell the data they had already collected before they ever made themselves known.
@Louise Fleming: You want us to click a link in an article about a hacking scam?
@Daniel Kelly:
@Daniel Kelly:
@Daniel Kelly:
@Daniel Kelly:
@Daniel Kelly:
@Daniel Kelly:
Here lads, pull the other one
They wanted Data, not Deaths. They have the data. Now, if ransom is paid that data sill NOT be published on dark web. But by providing the Key they feel they might be preventing patient deaths and the ensuing possibility of murder charges down the road.
Anyone else feel a little uneasy about this goodwill decryption key?
Paying d ransom may get u d files back,but you’re dealing with crooks who’ll have made copies & sold them on d dark web.D HSE need 2 update the firewalls on their servers & the best people 2 do that r hackers. They think like ransomware so know where they’ll try & get into the system.
I got one in ALDI its like an Allen key only its star shaped ..wonder how much they will get for that x-ray of that ball bearing I swallowd..
Malware as a service. These gangs rely on a multitude of other criminal gangs to achieve their crimes. A criminal network if you like. Some of which may not be too happy about the gang taking down the health service and causing possible deaths. They’ve been getting quite a bit of stick on the dark web in relation to this breach. Honour amongst thieves and all that jazz. So it seems they’ve decided to release the key and focus on the extortion of money for non release of data. A much more noble pursuit !!!
have your say