Ransomware & HSE

HalfAndHalf

magicbastarder wrote: »

why 'seemingly'?

Seemingly - when someone insinuates that something is fact without any available proof to back up the insinuation.

Joanna Yellow Racer

Joanna Yellow Racer wrote: »

https://twitter.com/jbarro/status/1393299153976020993

Another Muppet. The tweeter, not you.

riclad

Ransomwhere implys they may have planted malware on hse pcs and encrypted user data . This happens every day but most of the time we do not hear about it if its a private company
why pay the ransom and get back the data
All computers connected to the network have to be isolated
and checked otherwise the hacker has root acess to the network
and can erase data or encrypt it. It seems to me every month
there are company's being hacked due to vulnerabilitys in Microsoft exchange email servers
https://www.google.com/amp/s/www.zdnet.com/google-amp/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/
Every large company needs a full time 24,7 security team
just to update all Windows pcs exchange servers etc and
keep up with the latest network vunerabilitys
Many company's have older pcs using Windows 7
because not all programs are updated to run on Windows 10
or to operate machines devices that use old Windows 7
device drivers

kingtiger

HalfAndHalf wrote: »

At the point the data is encrypted the hacker has looked everywhere they want on the network, exfiltrated all the data they can and finished off by locking you out of everything.

To be fair to the HSE lads as soon as they became aware they cut the chord and powered everything off just in case someone was still poking around.

ransomware doesn't work like that, it doesn't give them access to the network to "poke around"

its a file encryption payload that once executed just encrypts everything it can, its as simple as that

TallGlass2

HalfAndHalf wrote: »

So you have to rebuild them and restore the data which is what you have to do anyway so why pay.

Work in the industry myself, heard from viable sources this is the playbook at the moment. All backend infrastructure is being rebuilt from ground up. Only concern with that is given the size of the infrastructure that is no small task in the slightest.

I suppose some of the narative is giving out about the IT infrastructure as such. However, you could have a panel of experts, if finance do not agree with your recommendations then your in the wind. Its the name of the game, sadly. IT only ever gets serious consideration sometimes after a massive impact.

MrMusician18

Gael23 wrote: »

Has any confidential patient data been compromised do we know?

Reid said that they believe at this point that patient data has not been compromised.

But who knows

kingtiger

MrMusician18 wrote: »

Reid said that they believe at this point that patient data has not been compromised.

But who knows

highly doubt they got any data as its not a network hack, it just an encryption payload that once executed just rips through a network encrypting everything it can

this is not a high tech hack, the HSE is just an easy target due to all the legacy systems it has

Hurrache

kingtiger wrote: »

this is not a high tech hack, the HSE is just an easy target due to all the legacy systems it has

Ah lads.

kingtiger

Hurrache wrote: »

Ah lads.

ever worked on a hospital network? I have

Darc19

topdecko wrote: »

Having worked in the NHS and then in Irish primary care there is a stark difference in the security aspect of IT infrastructure. In UK was all smart cards, individual PC logins, encryption on NHS mail if sending external mails etc. There was more of an effort and a better grasp of IT by everyone in organisation.
Coming back over here it was quite a culture shock - everyone using same desktop logins, simple passwords, fax still being used, lack of use healthmail in hospitals etc.
My question i suppose is do we need to rebuild from ground up and have a basic level of security - smart cards for everyone as a basic starting point... would that improve resilience in the system and reduce vulnerabilties

Do you really think that the unions would allow technology into the workplace?

Seriously?

Zero chance unless it's accompanied by a mega patriae.

MrMusician18

kingtiger wrote: »

highly doubt they got any data as its not a network hack, it just an encryption payload that once executed just rips through a network encrypting everything it can

this is not a high tech hack, the HSE is just an easy target due to all the legacy systems it has

Conti, which this was, gives the ability to extract data from the victim. Not just your bog standard encryption attack.

mrjoneill

hmmm wrote: »

They pay a ransom & there won't be an Irish government department or organisation which won't be a target as a consequence.

This is a situation where you have to make the difficult but correct decisions.

Companies and organizations have paid and still do pay, that's the reason the attack took place

AndrewJRenko

TomOnBoard wrote: »

Like in your own username, there are two parts to be considered:

1. Getting systems back up, and running and fully cleaned and inoculated, and
2. Avoiding the reputational damage of having your clients' confidential details drip-fed onto the internet for months/years to come.

In mant cases, non-payment of a ransom might make sense in respect of 1. In respect of 2? Not so much!

Paying the ransom doesn't stop 2 happening. These guys don't play by the rules.

Hurrache

Hurrache wrote: »

Ah lads.

A friend of mine looked at this thread and said Sesame Street was back.

AndrewJRenko

Darc19 wrote: »

Do you really think that the unions would allow technology into the workplace?

Seriously?

Zero chance unless it's accompanied by a mega patriae.

When have unions ever blocked improved IT security?

kingtiger

MrMusician18 wrote: »

Conti, which this was, gives the ability to extract data from the victim. Not just your bog standard encryption attack.

so they may of used rclone to grab some directories from the file servers and send it back to a cloud drive, pretty much like a copy paste

If the HSE password protected their sensitive files there is not much they can do

this is not the work of some criminal masterminds

AndrewJRenko

AndrewJRenko wrote: »

When have unions ever blocked improved IT security?

Actually, I have seen that happen. I'll PM you the story. Would rather not publicize it.

mrjoneill

Hurrache wrote: »

Someone here googled Cobol (it's actually COBOL), saw that it's old, and automatically jumped to the conclusion that it's antiquated. You'll run a COBOL system on a virtual server on any number of clouds FFS.

There's a queuing system for the barstools tonight.

I will try to be more exact with my words in future, I in fact wrote cobol code. And the point still stands that there are many cobol programs that will not compile on newer sys. Perhaps you should take a break from being mr perfect. The bars are still closed too so no competition for the stools.

jams100

Does anyone know what IT company the hse works with? It's not SAP anyway afaik

Read they use DXC for financial management/ procurement.

Is it a case of they cheaped out of the bigger companies here? (Not saying this ransomware attack wouldn't have happened if they were working with a particular IT company). Just interested to know who they actually work with? I'm going to hazard a guess and say multiple companies for different functional areas.

kowloonkev

What concerns me is that we are supposed to trust cyber security experts, possibly from other countries who would be well capable of both the attack and getting paid for the defence of it. Maybe I'm being paranoid.

For the cyber security experts among us here, as someone with limited knowledge, is there any way that the government could prevent access to people from outside the state from entering the HSE portals, or block emails from foreign IP addresses (I know probably not possible with VPNs)? But there really is no need for anyone outside the country to be able to use or come into contact with HSE systems or most public services for that matter.

I am almost certainly talking utter drivel so excuse me.

jams100

jams100 wrote: »

Does anyone know what IT company the hse works with? It's not SAP anyway afaik

Read they use DXC for financial management/ procurement.

Is it a case of they cheaped out of the bigger companies here? (Not saying this ransomware attack wouldn't have happened if they were working with a particular IT company). Just interested to know who they actually work with? I'm going to hazard a guess and say multiple companies for different functional areas.

I know a few. It's easy to find out.

Its not Lidl Security.

kowloonkev

kowloonkev wrote: »

What concerns me is that we are supposed to trust cyber security experts, possibly from other countries who would be well capable of both the attack and getting paid for the defence of it. Maybe I'm being paranoid.

For the cyber security experts among us here, as someone with limited knowledge, is there any way that the government could prevent access to people from outside the state from entering the HSE portals, or block emails from foreign IP addresses (I know probably not possible with VPNs)? But there really is no need for anyone outside the country to be able to use or come into contact with HSE systems or most public services for that matter.

I am almost certainly talking utter drivel so excuse me.

Yes.

You are talking drivel.

shtpEdthePlum

When i see the topic of the thread those covid ads pop into my head

"Ransomware is here."

StupidLikeAFox

jams100 wrote: »

Does anyone know what IT company the hse works with? It's not SAP anyway afaik
.

They definitely use SAP

Corruptedmorals

I wonder how much of a problem it is now that HSE hospitals use many different programmes and software with very little integration. There are many different EMR's and scanning archives in use. One system for radiology (which is common across most public hospitals), another for bloods, another for pathology and all hospitals use varying types of admin systems. By contrast, private hospitals tend to use fully integrated systems. Some hospitals are faring better than others depending on who is using EMR but all radiology, labs and other critical services are crippled.

Hopefully everything can resume on Monday at the latest.

HalfAndHalf

kingtiger wrote: »

ransomware doesn't work like that, it doesn't give them access to the network to "poke around"

its a file encryption payload that once executed just encrypts everything it can, its as simple as that

To save me typing why you’re wrong.

https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/#

Actually, reading some of your replies to others feck it I will.

You obviously have very little understanding of malware:

If the HSE password protected their files then the hackers can’t do anything?!? You think that busy staff in the HSE are password protecting documents meaning it takes them longer to access them and they keep a password db of each password OR they’re passwords are so complex that it wouldn’t take a brute force attack more than a minute to work it out.

Internet facing servers have vulnerabilities that hardware and software providers don’t admit to for a long time, see my Microsoft Exchange post, these scumbags could have had access for months before they finally executed the encryption payload!!

You say you’ve worked on the HSE network, maybe it was something you did that let them in???

AndrewJRenko

StupidLikeAFox wrote: »

They definitely use SAP

I think they use SAP payroll, not for their main financial systems afaik.

It's a red herring anyway - doesn't really matter what applications you use. All software has vulnerabilities.

dubrov

kowloonkev wrote:

What concerns me is that we are supposed to trust cyber security experts, possibly from other countries who would be well capable of both the attack and getting paid for the defence of it. Maybe I'm being paranoid.

Once you buy in foreign tech you are already committed to a certain level of trust.

Exploits could be designed into the chips themselves so all the security patching in the world would not help. However, this is unlikely given the reputational damage it would cause the manufacturer if discovered

magicbastarder

kingtiger wrote: »

If the HSE password protected their sensitive files there is not much they can do

using what method?

penny piper

Corruptedmorals wrote: »

I wonder how much of a problem it is now that HSE hospitals use many different programmes and software with very little integration. There are many different EMR's and scanning archives in use. One system for radiology (which is common across most public hospitals), another for bloods, another for pathology and all hospitals use varying types of admin systems. By contrast, private hospitals tend to use fully integrated systems. Some hospitals are faring better than others depending on who is using EMR but all radiology, labs and other critical services are crippled.

Hopefully everything can resume on Monday at the latest.

People are forgetting that anyone working for the hse/receiving salary/ pensions won't receive them this week if payroll/salary system is not working.