HSE ransomware attack began on a single computer when an employee clicked on a link

Sources have confirmed that an encryption key was provided by the criminal gang that launched the attack last week.

THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.

A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer. 

“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said. 

What followed was a lengthy exchange in which the hackers told the employee that they had accessed 700 gigabytes of data of patients’ home addresses and other personal details through their computer. 

The employee was told that a ransom of close to €15 million would be needed, the source said. 

“The hackers gave the person they were corresponding with examples of the type of file they had downloaded and then threatened that they would start selling patient data on at the start of the week if there was no ransom paid,” the source explained.

It is understood the communication was in English, and the hackers provided a decryption key, saying that they would sell the data if the ransom wasn’t paid.

“The message was in very calm, non-threatening language. It was very transactional,” the source added.

The downloading of huge amounts of data by the criminal organisation had already taken place before it was discovered late last week. 

Reports in recent days have claimed that a gang in Russia, known as Spider Wizard, are responsible for the hack. 

However, it is believed that rather than being a single group of criminals, it was instead carried out by dozens of people spread across multiple locations. 

Sources have told The Journal that the messages received did not identify the group as Spider Wizard. 

When contacted by The Journal tonight, a HSE spokesperson refused to comment as it “was an active investigation”.

An earlier statement released by the HSE confirmed that an encryption key has been made available. 

“The HSE is aware that an encryption key has been provided. However further investigations have to be conducted to assess if it will work safely, prior to attempting to use it on HSE systems,” it said. 

The HSE this evening secured a High Court injunction to stop the illegal use of any data that may have been stolen during the ransomware attack. 

167 Comments
    Earth Traveller
    May 21st 2021, 3:37 PM

    “US company Colonial Pipeline admitted paying $4.4 million in a ransom”. Americans, especially those in the private healthcare sector, who pay the criminals are a big part of this problem. Make it a crime to pay the criminals and this will stop very quickly.

    142
    Carl Hale
    May 21st 2021, 4:56 PM

    @Earth Traveller: that would mean it would be an offence to pay taxes.
    I’m with ya

    49
    Jaymes Moynihan
    May 22nd 2021, 7:04 PM

    @Earth Traveller: lol boy. You make it sound SO simple!! Who’d have guessed it would be so easy to stop cyber crime! I’m sorry but that is an unbelievably naive way of thinking. I agree that paying ransoms doesn’t help. But not paying them won’t stop it “very quickly” they’ll just sell the information to people who will pay for it. These guys will always profit in some way. They won’t just give up and go home if companies refuse to pay.

    3
    Bernard McWilliams
    May 21st 2021, 3:53 PM

    It’s a conspiracy theory but I’m thinking our seat on the UN Security Council has something to do with this. Come on like.. a Russian state sponsored cyber attack suddenly fixed. I wonder what favours we gave away.

    76
    Justin Gillespie
    May 21st 2021, 4:20 PM

    @Bernard McWilliams: You’re right about one thing Bernard, it is a conspiracy theory. What have we got that could possibly interest Putin, I doubt he could even find us on a map.

    71
    Bernard McWilliams
    May 21st 2021, 4:29 PM

    @Justin Gillespie: I admit, I might be watching too much House of Cards. haha. But to answer your question briefly, we have Influence and voting power on key issues that concern Russian powerplays in global political theatre.

    28
    Justin Gillespie
    May 21st 2021, 4:32 PM

    @Bernard McWilliams: Not convinced Bernard, if there was real power there we wouldn’t be let anywhere near it. Ireland is window dressing nothing more.

    14
    Carl Hale
    May 21st 2021, 4:57 PM

    @Bernard McWilliams: another few hundred houses to rent for the ruskies

    1
    Bernard McWilliams
    May 21st 2021, 5:11 PM

    @Justin Gillespie: You’re probably right Justin. For the movie I’m thinking Jason Statham as Stephen Donnelly who’s hell bent on knocking the heads off Demetri and the gang, of course helped by Tony Holohan (played by Bruce Willis) Haha. I’ve too much time on my hands… good luck!

    28
    Tom Ripley
    May 21st 2021, 3:32 PM

    Pay them if you haven’t already and invest in a good IT system for crying out loud.
    I’d say other departments are scrambling to secure their systems

    45
    AL
    May 21st 2021, 3:40 PM

    @Tom Ripley: did you read the article Tom? The hackers have given up on the ransom as they realised they weren’t going to get it. They’ve handed over the decryption tool that the ransom was meant to pay for.

    78
    Ixtrix Net
    May 21st 2021, 3:47 PM

    @AL:
    except the doxxware side of it

    13
    AL
    May 21st 2021, 3:50 PM

    @Ixtrix Net: sorry I’ve no idea what that is unfortunately

    12
    Anthony McGovern
    May 21st 2021, 4:17 PM

    @AL: doxxware is where an attacker exfiltrates (super sneakily steals) sensitive data from your computer systems then tries to ransom said sensitive data back to you. In other words give us money or all this super confidential data you have gets auctioned off on the darkweb to the highest bidder.

    10
    Tom Ripley
    May 21st 2021, 4:34 PM

    @AL: well if you believe the minister on this… Why hand it over they have gov over a barrel and they locked them in first place I don’t think good conscience won over Russian cyber criminal. They don’t seem the type to cave in so easily

    11
    Pat Casey
    May 21st 2021, 4:41 PM

    @AL: I think the order to give the key came from higher up in Russia, none of these guys operate without state approval, that’s why they don’t operate in Russia.

    23
    Carl Hale
    May 21st 2021, 4:58 PM

    @Tom Ripley: should hire them to fix our IT system.

    15
    Ger
    May 21st 2021, 6:08 PM

    @Pat Casey: I agree. Putin lets these gangs operate and can stop them when he wants to. We saw that during the world cup there when there was no trouble with their local hooligans. My guess is that after Simon Coveney spoke to their foreign minister Lavrov a call was put in to the hackers to restore the HSE network. Ireland is no enemy of Russia. The hackers can still make money from the stolen data.

    11
    Jjohn Cconway
    May 21st 2021, 6:39 PM

    @AL: the article does not say that the gang has given up on the ransom, that is mere speculation. Giving a decryption key is irrelevant. The gang has medical data on tens of thousands of people. That’s where the money is and I imagine down the line that the government will pay for the return of this data and an assurance that no further files will be sold.

    5
    Arch Angel
    May 21st 2021, 4:01 PM

    Put aside how we got the decryption tool, even if this is rolled out and it takes a week to unencrypt everything we still have a problem. Can we trust the data now? No. Is every PC on the network clean? Again, no. So the data has to be restored to a point in time when everyone is confident there was no incursion, that could be several weeks and there will be some loss. Every PC will have to be examined, and maybe destroyed and replaced. It will be costly.

    32
    Diarmuid O'Braonáin
    May 21st 2021, 4:27 PM

    @Arch Angel: We have Google, Microsoft, Apple and Amazon who all make secure safe Cloud hosting tech. They are all based here and they I’m sure would sort us out in return for all those cosy tax breaks. All the tech giants are here. Once we get the data back and decrypted we could get the situation under control very easily.

    22
    Jim Carolan
    May 21st 2021, 3:42 PM

    Maybe Putin told them not to fu(k with the Irish!

    79
    Colin
    May 21st 2021, 3:57 PM

    @Jim Carolan: Too much heat with this one, an entire country now knows of this group.

    41
    Pat Casey
    May 21st 2021, 6:14 PM

    @Jim Carolan: Indeed, they have heard about the FCA.

    18
    Sean
    May 21st 2021, 6:11 PM

    My guess is that the ransom is already paid.

    28
    Louise Fleming
    May 21st 2021, 4:51 PM

    The encryption tool was handed over the night the attack came to light. They announced their presence and gave the encryption tool as proof that what they were saying was true. It only came as a government announcement yesterday but they’ve had it all along. The ransom is so they won’t publish/release/sell the data they had already collected before they ever made themselves known.

    20
    Louise Fleming
    May 21st 2021, 4:53 PM
    1
    Daniel Kelly
    May 21st 2021, 6:17 PM

    @Louise Fleming: You want us to click a link in an article about a hacking scam?

    46
    Gerry Ryan
    May 21st 2021, 4:09 PM

    Here lads, pull the other one

    10
    sean o'dhubhghaill
    May 21st 2021, 5:58 PM

    They wanted Data, not Deaths. They have the data. Now, if ransom is paid that data will NOT be published on dark web. But by providing the Key they feel they might be preventing patient deaths and the ensuing possibility of murder charges down the road.

    10
    lilolil
    May 21st 2021, 9:06 PM

    Anyone else feel a little uneasy about this goodwill decryption key?

    9
    Desperado
    May 21st 2021, 5:08 PM

    Paying d ransom may get u d files back, but you’re dealing with crooks who’ll have made copies & sold them on d dark web. D HSE need 2 update the firewalls on their servers & the best people 2 do that r hackers. They think like ransomware so know where they’ll try & get into the system.

    7
    Liam Meade
    May 21st 2021, 8:37 PM

    I got one in ALDI, it’s like an Allen key only it’s star shaped.. wonder how much they will get for that x-ray of that ball bearing I swallowed..

    5
    Alan Leahy
    May 21st 2021, 9:51 PM

    Malware as a service. These gangs rely on a multitude of other criminal gangs to achieve their crimes. A criminal network if you like. Some of which may not be too happy about the gang taking down the health service and causing possible deaths. They’ve been getting quite a bit of stick on the dark web in relation to this breach. Honour amongst thieves and all that jazz. So it seems they’ve decided to release the key and focus on the extortion of money for non release of data. A much more noble pursuit !!!

    4