Ransomware & HSE

Dempo1

VinLieger wrote: »

Of course I'm aware of all the HSE It issues you would need to be living under a rock to not know about them so you can drop the patronizing condescending attitude.

Your claim that the ransom would be paid and we would never find out is the dictionary definition of an unfounded conspiracy theory. Do you honestly believe in a place as poorly run as the HSE that if the ransom was paid they would be able to keep it a secret?

I actually do believe a deal will be done and it will be kept quite, I don't believe that's a stretch of the imagination.

What is intriguing is the absolute lack of questions as to how this was allowed to happen, given the warnings.

I've watched very closely the PR machine that is Paul Reid and his senior management team. Experts on deflection, Experts on spin and sadly and quite obviously incapable of taking responsibility.

Sparks should fly over this and in advance of "it could happen to any organisation", yes it could if the door left wide open.

AndrewJRenko

Dempo1 wrote: »

I actually do believe a deal will be done and it will be kept quite, I don't believe that's a stretch of the imagination.

What is intriguing is the absolute lack of questions as to how this was allowed to happen, given the warnings.

I've watched very closely the PR machine that is Paul Reid and his senior management team. Experts on deflection, Experts on spin and sadly and quite obviously incapable of taking responsibility.

Sparks should fly over this and in advance of "it could happen to any organisation", yes it could if the door left wide open.

Perhaps you could explain how organisations can prevent zero day exploits?

Darc19

TomOnBoard wrote: »

Aaand some of the most 'expert' experts are just hours or days posting anything on Boards!

Why oh why have these folks not been sharing their great wisdom before this week?

Their mandarins in Belfast only sent them instructions today

Hurrache

One of the most depressing things about social media and forums is the obviousness of how ignorant and silly a large amount of our fellow citizens are. It gives the barstool 'experts" a wider audience to laugh at them.

Hurrache

mrjoneill wrote: »

Most of the banks IT systems are antiquated and there are a lot of businesses using old system because they have antiquated software on it written in Cobol. I would imagine the hospital equipment would be running on PLC rather than PC based.

Someone here googled Cobol (it's actually COBOL), saw that it's old, and automatically jumped to the conclusion that it's antiquated. You'll run a COBOL system on a virtual server on any number of clouds FFS.

There's a queuing system for the barstools tonight.

Dempo1

AndrewJRenko wrote: »

Perhaps you could explain how organisations can prevent zero day exploits?

I'm not an IT expert and have not claimed to be, I've only stated the fact there has been numerous warnings about this possibility and from what I can gather from reliable media sources (NOT ABSURD) Social media but reputable medical journalists and commentators, the HSE has performed abysmally when it comes to investing in IT infrastructure and this despite ample warnings.

Even just take the start of the vacinne roll out, mother of God, details been taken down with pen and paper despite the fact they surely must have known months ago, a vacinne roll out was the only solution to dealing with this pandemic.

HalfAndHalf

AndrewJRenko wrote: »

Perhaps you could explain how organisations can prevent zero day exploits?

Exactly, not as clean cut as blaming users anymore.

This was a fun week back in April, Microsoft knew about these 4 gaping holes in Exchange (the biggest email server solution in use) on ports 80 and 443 that have to be open to the Internet for Exchange OWA, Activesync, ECP to work back in January and are contractually obligated to remediate in 90 days!

1000’s of Firms got compromised before they released the fixes in April, absolutely nothing you can do about something you don’t even know about!

Hackers just sail in, drop rootkits and away they go.

https://www.google.com/amp/s/www.zdnet.com/google-amp/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/

topdecko

Having worked in the NHS and then in Irish primary care there is a stark difference in the security aspect of IT infrastructure. In UK was all smart cards, individual PC logins, encryption on NHS mail if sending external mails etc. There was more of an effort and a better grasp of IT by everyone in organisation.
Coming back over here it was quite a culture shock - everyone using same desktop logins, simple passwords, fax still being used, lack of use healthmail in hospitals etc.
My question i suppose is do we need to rebuild from ground up and have a basic level of security - smart cards for everyone as a basic starting point... would that improve resilience in the system and reduce vulnerabilties

HalfAndHalf

Dempo1 wrote: »

I'm not an IT expert and have not claimed to be, I've only stated the fact there has been numerous warnings about this possibility and from what I can gather from reliable media sources (NOT ABSURD) Social media but reputable medical journalists and commentators, the HSE has performed abysmally when it comes to investing in IT infrastructure and this despite ample warnings.

Even just take the start of the vacinne roll out, mother of God, details been taken down with pen and paper despite the fact they surely must have known months ago, a vacinne roll out was the only solution to dealing with this pandemic.

Unfortunately it’s not as simple as understanding what people on social media or medical experts (who aren’t IT experts) say.

You’re at the mercy of the software or hardware providers you use, as per the link in my previous post highlighting how Microsoft left all of their customers in the dark and compromised to ransomware for 3 months after they were made aware. You can’t defend against something you don’t know about.

This is why any company with any sense have cyber insurance nowadays!

Beechwoodspark

There should be NO money to the hacker regardless.

Hurrache

topdecko wrote: »

Having worked in the NHS and then in Irish primary care there is a stark difference in the security aspect of IT infrastructure. In UK was all smart cards, individual PC logins, encryption on NHS mail if sending external mails etc. There was more of an effort and a better grasp of IT by everyone in organisation.
Coming back over here it was quite a culture shock - everyone using same desktop logins, simple passwords, fax still being used, lack of use healthmail in hospitals etc.
My question i suppose is do we need to rebuild from ground up and have a basic level of security - smart cards for everyone as a basic starting point... would that improve resilience in the system and reduce vulnerabilties

Absolutely disagree with you Topdecko, numerous NHS systems have been absolute disasters and examples of how you don't do things. I know well because I was involved with a contract that came in to identify and resolve many of the issues.

From the opening paragraph. Digital Transformation was a buzzword that everyone jumped onto.

The UK government is failing to learn lessons from previous NHS IT disasters, including the £9.8bn National Programme for IT (NPfIT) fiasco, the National Audit Office (NAO) has found.

In its report "Digital transformation in the NHS" [PDF], the public spending watchdog said a lack of systematic learning from past failures means there remain "significant risks to successful implementation… in all areas" of the government's current "Digital Transformation Portfolio", launched in 2014.

https://www.theregister.com/2020/05/05/uk_coronavirus_app/

AndrewJRenko

Dempo1 wrote: »

I'm not an IT expert and have not claimed to be, I've only stated the fact there has been numerous warnings about this possibility and from what I can gather from reliable media sources (NOT ABSURD) Social media but reputable medical journalists and commentators, the HSE has performed abysmally when it comes to investing in IT infrastructure and this despite ample warnings.

Even just take the start of the vacinne roll out, mother of God, details been taken down with pen and paper despite the fact they surely must have known months ago, a vacinne roll out was the only solution to dealing with this pandemic.

Maybe you should leave the critiquing to those who ARE actual experts on this matter, and who can understand the difference between a tabloid headline and the real world?

Hurrache

Hurrache wrote: »

One of the most depressing things about social media and forums is the obviousness of how ignorant and silly a large amount of our fellow citizens are. It gives the barstool 'experts" a wider audience to laugh at them.

Here, some in the industry aren't much better. On a teams call this morning to brief folks in case questions were asked from customers about our/their level of security there was some banter and discussion about the situation and one of the 2nd level support guys commented very seriously "sure they can just restore the backups" and I watched the heads collectively shake from side to side on screen.

Someone asked if he got is Cisco certification free in the cornflakes

EDIT: His role means he isn't anywhere near network infrastructure thankfully.

Dempo1

AndrewJRenko wrote: »

Maybe you should leave the critiquing to those who ARE actual experts on this matter, and who can understand the difference between a tabloid headline and the real world?

Perhaps,

I'm just astonished that aside from technical reasons I'd don't pretend to understand, few asking the ligitimate questions as to the HSE"S culpability in seemingly being oblivious to the threat.

I wondered what if the vacinne roll out was impacted, thankfully it doesn't look like it is but my god, there would be skin and hair flying if it had or is impacted.

I suspect serious questions will be asked of Senior HSE management, so we'll wait and see I guess.

I'll leave it at that

Beechwoodspark

irelandpride wrote: »

Dedicated groups who constantly swarm the internet for vulnerabilities. Banks and government agenecies are constantly under attacks.

This could be something as simple as an email that got through their filtering system and the user had an account with elevated privilege's and clicked the attachment or link in the email.

Could also be as something as some hacker got the login info of a users account through their helpdesk and knew how to get access to their email from this and sent out a load of emails which people clicked.

Personally myself its simple to get to the online access email for a lot of companies and to get their online infrastructure login.
If i had a username and a password I'd be in.

You say you’d be “in”

So what would you do when in???

Depends v much on the security

HalfAndHalf

[Deleted User] wrote: »

Here, some in the industry aren't much better. On a teams call this morning to brief folks in case questions were asked from customers about our/their level of security there was some banter and discussion about the situation and one of the 2nd level support guys commented very seriously "sure they can just restore the backups" and I watched the heads collectively shake from side to side on screen.

Someone asked if he got is Cisco certification free in the cornflakes

EDIT: His role means he isn't anywhere near network infrastructure thankfully.

Not sure what networking has got to do with encrypted files but why was he made to look stupid on a teams call by other members of his team? I wouldn’t want to be in a ‘team’ like that.

Also, from the perspective of a windows server with now encrypted files on, what were the shaky head peoples recommendations for a fix?

Not many options in this scenario, if you pay the ransom you can’t use those servers anymore anyway, they need a clean install.

So you’ve got to try and ascertain when the payload was first injected, rebuild the servers and then restore data from the last safe backup. Or are you saying you’ll just lose all the data and start again!!!!!??

Beechwoodspark

Yep. If the very costly ransom is paid you basically have to write off the servers and do a clean install.

HalfAndHalf

Dempo1 wrote: »

Perhaps,

I'm just astonished that aside from technical reasons I'd don't pretend to understand, few asking the ligitimate questions as to the HSE"S culpability in seemingly being oblivious to the threat.

I wondered what if the vacinne roll out was impacted, thankfully it doesn't look like it is but my god, there would be skin and hair flying if it had or is impacted.

I suspect serious questions will be asked of Senior HSE management, so we'll wait and see I guess.

I'll leave it at that

Before you leave it at that, read the link I posted, you might then understand a bit more and have a bit of sympathy to only being able to fight a losing battle as best you can with the tools and systems available.

Beechwoodspark

Dempo1 wrote: »

Perhaps,

I'm just astonished that aside from technical reasons I'd don't pretend to understand, few asking the ligitimate questions as to the HSE"S culpability in seemingly being oblivious to the threat.

I wondered what if the vacinne roll out was impacted, thankfully it doesn't look like it is but my god, there would be skin and hair flying if it had or is impacted.

I suspect serious questions will be asked of Senior HSE management, so we'll wait and see I guess.

I'll leave it at that

Hey...let’s see. But it appears the hse had adequate “protection”. However the hackers were able to breach that ...

TomOnBoard

Beechwoodspark wrote: »

There should be NO money to the hacker regardless.

Reminds me of all the movies ever made where the lad says "we don't negotiate with kidnappers" while his next door neighbour's daughter was being hacked up and sent to her home in pieces!

At some point, the kidnapping/ransoming/hacking criminals almost always get paid!

Except of course when Iiam Neeson is involved:

https://m.youtube.com/watch?v=1SXsCkKuvOU

octsol

TomOnBoard wrote: »

Reminds me of all the movies ever made where the lad says "we don't negotiate with kidnappers" while his next door neighbour's daughter was being hacked up and sent to her home in pieces!

At some point, the kidnapping/ransoming/hacking criminals almost always get paid!

Except of course when Iiam Neeson is involved:

https://m.youtube.com/watch?v=1SXsCkKuvOU

I can just imagine gift grub doing this

HalfAndHalf

TomOnBoard wrote: »

Reminds me of all the movies ever made where the lad says "we don't negotiate with kidnappers" while his next door neighbour's daughter was being hacked up and sent to her home in pieces!

At some point, the kidnapping/ransoming/hacking criminals almost always get paid!

Except of course when Iiam Neeson is involved:

https://m.youtube.com/watch?v=1SXsCkKuvOU

There is literally zero point in paying the ransom, I mean you can like, and you can then work away like nothing happened, but you can’t ever trust those servers ever again even with all the remediation in the world.

So you have to rebuild them and restore the data which is what you have to do anyway so why pay.

TomOnBoard

octsol wrote: »

I can just imagine gift grub doing this

Yeah... Mebbe this would be a more appropriate example:

https://m.youtube.com/watch?v=EiXSenizbKo

TomOnBoard

HalfAndHalf wrote: »

There is literally zero point in paying the ransom, I mean you can like, and you can then work away like nothing happened, but you can’t ever trust those servers ever again even with all the remediation in the world.

So you have to rebuild them and restore the data which is what you have to do anyway so why pay.

Like in your own username, there are two parts to be considered:

1. Getting systems back up, and running and fully cleaned and inoculated, and
2. Avoiding the reputational damage of having your clients' confidential details drip-fed onto the internet for months/years to come.

In mant cases, non-payment of a ransom might make sense in respect of 1. In respect of 2? Not so much!

Infini

The fúckers who infest a health system with ransomware for cash are the lowest kind of miserable cúnts in existence expecially if this causes people to suffer or even die and honest I hope Karma fúcks them over hard some day for their pathetic fúckery.

HalfAndHalf

TomOnBoard wrote: »

Like in your own username, there are two parts to be considered:

1. Getting systems back up, and running and fully cleaned and inoculated, and
2. Avoiding the reputational damage of having your clients' confidential details drip-fed onto the internet for months/years to come.

In mant cases, non-payment of a ransom might make sense in respect of 1. In respect of 2? Not so much!

How does paying the ransom stop 2 from happening?

At the point the data is encrypted the hacker has looked everywhere they want on the network, exfiltrated all the data they can and finished off by locking you out of everything.

To be fair to the HSE lads as soon as they became aware they cut the chord and powered everything off just in case someone was still poking around.

You don’t pay the ransom them get an email saying ‘cheers lads, by the way we didn’t take anything so ye’ve nothing to worry about’

That ship’s sailed.

Gael23

Has any confidential patient data been compromised do we know?

Who would be responsible for providing IT security protection? Is it an external contractor or is there a HSE cyber security team?

magicbastarder

Dempo1 wrote: »

I'm just astonished that aside from technical reasons I'd don't pretend to understand, few asking the ligitimate questions as to the HSE"S culpability in seemingly being oblivious to the threat.

why 'seemingly'?

hmmm

TomOnBoard wrote: »

In mant cases, non-payment of a ransom might make sense in respect of 1. In respect of 2? Not so much!

They pay a ransom & there won't be an Irish government department or organisation which won't be a target as a consequence.

This is a situation where you have to make the difficult but correct decisions.