Ransomware & HSE

HalfAndHalf

runawaybishop wrote: »

There are malicious actions performed very single minute of every single day.

NWO. Lol.

Conspiracy........conspiracy everywhere........LOL

Damien360

ongarite wrote: »

Interesting, could be something that will put the brakes on WFH model and bring employees back to "secure" office network.
I can only imagine the amount of people using default router, WiFi passwords or simple to remember/share with household at home.
Homes are likely to have insecure personal laptops or IOT devices that could expose sensitive data to hackers.

Enterprise networks connect WFH employees using VPN. It doesn’t matter what your home network exploits are. As long as the VPN connection is monitored and secure and the device you connect with is properly administered and controlled then your home network is not an issue. I would be surprised if this hack is deep in sensitive parts of the network and it may simply precautionary steps by network admin to prevent further damage by cutting the connections late at night when they saw it…..hopefully.

HalfAndHalf

HalfAndHalf wrote: »

Still waiting to hear what all the ‘expert’ laughing boys came up with as a solution, or is the lack of response because the measly 2nd Line guy was correct?

Was it you on the call we were shacking our heads at

HalfAndHalf

[Deleted User] wrote: »

Was it you on the call we were shacking our heads at

That’s your comeback after all this time?! I feel let down even more now, but to be honest I’ve never had anyone SHACK anything at me luckily!

Notice you haven’t actually answered the question on what you IT superstars came up with though! Says a lot!!

political analyst

Why would Russian hackers have any interest in the IT system of the Irish public healthcare system anyway?

HalfAndHalf

HalfAndHalf wrote: »

That’s your comeback after all this time?! I feel let down even more now.

Notice you haven’t actually answered the question on what you IT superstars came up with though! Says a lot!!

Some of us have better things to do but yeah more fool me for wading though the last 3 or 4 pages of nonsense you've posed. Anyone working in the industry knows you for what you are

HalfAndHalf

[Deleted User] wrote: »

Some of us have better things to do but yeah more fool me for wading though the last 3 or 4 pages of nonsense you've posed. Anyone working in the industry knows you for what you are

So still no answer, thought so! Tis yourself showing who you are!

Probably an SD call logger. LOL!

Flinty997

HalfAndHalf wrote: »

Yeah, that’s why I say you have test, especially a bank who should have multicluster nodes or active/passive where you can patch one, test of all good rollout or if all bad rollback.

I wish Microsoft servers were that predictable. Come back Novell all is forgiven.

HalfAndHalf

HalfAndHalf wrote: »

So still no answer, thought so! Tis yourself showing who you are!

Probably an SD call logger. LOL!

20 years in the industry, know a spoofer when I see one at this stage.

TomOnBoard

Deleted User wrote: »

Some of us have better things to do but yeah more fool me for wading though the last 3 or 4 pages of nonsense you've posed. Anyone working in the industry knows you for what you are

I suppose anyone hoping to have serious, informed discussion on this topic ought to have known that would not be possible given that the thread was created in 'Current Affairs' rather than in a technology forum.

Like, after all it is clearly located in the 'Social & Fun', comic-book area of Boards, where one ought not expect to find too much enlightenment alongside the anaemic sit-down comedy...

I need to remind myself of this fact every so often when I see particularly un-informed diatribes masquerading as 'expertise'- based commentary..

TomOnBoard

Flinty997 wrote: »

I wish Microsoft servers were that predictable. Come back Novell all is forgiven.

Nah, when we had VT100 terminals, we never had problems like these ransomware wars. Novell started the rot, IMHO!

irishgeo

political analyst wrote: »

Why would Russian hackers have any interest in the IT system of the Irish public healthcare system anyway?

They probably didn't. It just phoned home when someone ran the malware after maybe collection of an email address by a spambot or someone sold an email database(a reason not to use your work email for personal use) or they got if from another hack.

Or it could be an have been a targeted attack..

Pandiculation

irishgeo wrote: »

The ransom note is rather business focused, they seem to think it's a private medical business.

The message seems very amateurish and lacking in knowledge about the organisation that they hacked. Sounds rather generic and like a bunch of spoofers who don’t know what system they’re in.

Flinty997

irishgeo wrote: »

They probably didn't. It just phoned home when someone ran the malware after maybe collection of an email address by a spambot or someone sold an email database(a reason not to use your work email for personal use) or they got if from another hack.

Or it could be an have been a targeted attack..

This article suggests some group deliberately target hospitals as they are the mostly likely to pay.

https://www.theregister.com/2021/05/14/ireland_hse_ransomware_hospital_conti_wizardspider/

HalfAndHalf

[Deleted User] wrote: »

20 years in the industry, know a spoofer when I see one at this stage.

Ok well I’ve been in it for 21 years and seeing as all you’ve done is come into the thread, tell us how you laughed at a colleague for suggesting something and have failed on multiple occasions to grace us with ANY information on what you’d suggest to do, I’d say you’re the spoofer!

You seem to be good at having a pop at someone else by your own account but have zero ability to actually say anything of worth on the topic at hand.

Good luck.

HalfAndHalf

TomOnBoard wrote: »

I suppose anyone hoping to have serious, informed discussion on this topic ought to have known that would not be possible given that the thread was created in 'Current Affairs' rather than in a technology forum.

Like, after all it is clearly located in the 'Social & Fun', comic-book area of Boards, where one ought not expect to find too much enlightenment alongside the anaemic sit-down comedy...

I need to remind myself of this fact every so often when I see particularly un-informed diatribes masquerading as 'expertise'- based commentary..

So because we didn’t agree on paying the ransom, instead of having a ‘serious informed discussion’ with me about it, you hop on someone else’s response (who not only hasn’t had a serious informed discussion about it but actively runs away from any discussion about it) to have a pop.

WOW! Hypocrisy of the highest order!

magicbastarder

Damien360 wrote: »

Enterprise networks connect WFH employees using VPN. It doesn’t matter what your home network exploits are. As long as the VPN connection is monitored and secure and the device you connect with is properly administered and controlled then your home network is not an issue.

if you use cisco, there have been multiple issues found with anyconnect.
e.g. the most recent
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-anyconnect-code-exec-jR3tWTA6.html

i do know where i work that updating the client is a bit more fraught in the last yearm because if it goes wrong, it's not so easy to ask a user to call into the office to have it fixed.

Flinty997

A good time for everyone to check their own backups and restore one to see if it's ok. Assume you have backups. At least some of which are offline.

magicbastarder

HalfAndHalf wrote: »

Ok well I’ve been in it for 21 years

funny thing - i've been (genuinely) in it for 22 years so at this point, as we're playing pass the parcel, i'll wait for the next person who has been in it 23 years.

HalfAndHalf

HalfAndHalf wrote: »

Ok well I’ve been in it for 21 years and seeing as all you’ve done is come into the thread, tell us how you laughed at a colleague for suggesting something and have failed on multiple occasions to grace us with ANY information on what you’d suggest to do, I’d say you’re the spoofer!

You seem to be good at having a pop at someone else by your own account but have zero ability to actually say anything of worth on the topic at hand.

Good luck.

1 or 2 posts vs the 10's you've had today expelling your expert knowledge . HSE should be good by morning if they listen to you.

riclad

Russian hackers are interested in any company or entity that
has alot of data has alot of pcs connected to the Web
And can afford to pay a large ransom they can encrypt customer
data and demand payment from the hse for a code to unencrypt
the data
Right now the hse has most pcs turned off they can't acess data
Like xrays, personal medical records
Hackers have attacked private company's and local government
departments in America
, zero day means malware or hacks unknown to Microsoft
or other security professionals
There's probably irish company's effected by the exchange
Email hack but we did not hear about it in the news

omerin

RoamingDoc wrote: »

Called it!
This sentiment is nonsense. These major incidents are never the fault of one individual. If it was possible for one person to cause this much damage - it would be the fault of a hell of a lot of people.

It's the RACI model, someone is Accountable, be it Paul Reid or not sure if the HSE have one, the CTO

Hope they will eventually find whoever is behind this

HalfAndHalf

magicbastarder wrote: »

funny thing - i've been (genuinely) in it for 22 years so at this point, as we're playing pass the parcel, i'll wait for the next person who has been in it 23 years.

To be fair just thought again and it’s 22 for me too as of March.

Yer man will probably come back and say 24 anyway

skimpydoo

ongarite wrote: »

Interesting, could be something that will put the brakes on WFH model and bring employees back to "secure" office network.
I can only imagine the amount of people using default router, WiFi passwords or simple to remember/share with household at home.
Homes are likely to have insecure personal laptops or IOT devices that could expose sensitive data to hackers.

One of the solutions mentioned in the podcast was using a dedicated secure VPN and making sure data was not stored locally.

HalfAndHalf

[Deleted User] wrote: »

1 or 2 posts vs the 10's you've had today expelling your expert knowledge . HSE should be good by morning if they listen to you.

Where are these 10’s! You’re just making it up now! LOL!

And STILL not a single post from yourself of any worth! Because you’ve got absolutely nothing to say! Where’s your genius plan to restore from a ransomware attack? Come on we’re all waiting! Give us a clue with your 20 years of experience, superstar IT guru who belittles other members of their own team!

What’s that noise? I think someone’s ringing the SD cos they’ve forgotten their password, best let you go and answer it! LOL!!!!

StupidLikeAFox

Burgo wrote: »

Don't know if it has been mentioned yet but looks like a ransom amount has been released; $20 million

https://www.bleepingcomputer.com/news/security/ireland-s-health-services-hit-with-20-million-ransomware-demand/

1% of the HSE budget, sure it would hardly be missed

StupidLikeAFox

StupidLikeAFox wrote: »

1% of the HSE budget, sure it would hardly be missed

That could pay the salary of two whole HSE consultants.

mrjoneill

skimpydoo wrote: »

One of the solutions mentioned in the podcast was using a dedicated secure VPN and making sure data was not stored locally.

They already use secure proxy servers. But if the virus is unknown to the virus protection it will get through in sys attack or on an unsuspecting email attachment.

mrjoneill

Deleted User wrote: »

That could pay the salary of two whole HSE consultants.

Payment does not make the sys secure. One might get a password to recover encrypted data but flushing the suspected virus out can be a tedious affair.

Flinty997

HalfAndHalf wrote: »

To be fair just thought again and it’s 22 for me too as of March.

Yer man will probably come back and say 24 anyway

I would say though length of time isn't a good measure. Tech is vastly more specialized and complex now.
You're really only judged on your recent experience and skill set. I doubt anyone cares what you did more than 3~5yrs ago.