
Ransomware & HSE


Comments

  • Registered Users Posts: 4,485 ✭✭✭harr


    The Israelis not happy with some of the flack they are getting from this country... maybe .. or is that more of a conspiracy thread post :)


  • Registered Users Posts: 4,362 ✭✭✭PokeHerKing


    whippet wrote: »
    I'm in IT for over two decades and I have yet to come across a ransomware attack where the attackers asked for a wire transfer or bank notes

    So in the early 00s before crypto were there any ransomware attacks?


  • Registered Users Posts: 11,205 ✭✭✭✭hmmm


    The Government should get the Russian ambassador in and demand to know what they are doing to prevent these types of attack.

    Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.


  • Registered Users Posts: 7,688 ✭✭✭whippet


    So in the early 00s before crypto were there any ransomware attacks?

    there was of course but few and far between ... but with the rise of crypto it has become prevalent - personally I know of about 20 companies in Ireland who have been hit in the last 6 months .. all to differing degrees of seriousness.


  • Registered Users Posts: 4,326 ✭✭✭arctictree


    I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?


  • Registered Users Posts: 7,688 ✭✭✭whippet


    hmmm wrote: »
    The Government should get the Russian ambassador in and demand to know what they are doing to prevent these types of attack.

    Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.

    If you think the Russian ambassador would even entertain such a call you're very wet behind the ears - think about what the Russians have done on UK soil in the likes of Salisbury to know they couldn't give a monkey's what other governments think of them
    hmmm wrote: »
    Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.

    absolutely


  • Registered Users Posts: 7,688 ✭✭✭whippet


    arctictree wrote: »
    I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?

    if you don't pay the hackers will just move on to the next target.

    Depending on if or how badly their back-ups / DR was impacted will dictate the time and cost to the HSE to get back up and running.

    this could be months and months .. but at this stage there is no knowing.

    Sometimes it might make economical sense to pay the ransom - but even at that there will be a massive job of work to get everything back online - you have to assume that every data store, every file still has malicious code embedded.

    Just restoring everything could mean that in a couple of weeks you're back to square one


  • Registered Users Posts: 32,136 ✭✭✭✭is_that_so


    arctictree wrote: »
    I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?
    Well they won't release the system for one. The HSE will then have to recover the system from backups, mostly paper by the sounds of things!


  • Registered Users Posts: 1,488 ✭✭✭KildareP


    JDxtra wrote: »
    Are we sure it's a targeted attack though? Maybe someone clicked on a link they shouldn't have?

    My thoughts too. Usually these are purely opportunistic attacks except you only hear about them when it hits big organisations like the HSE, NHS, etc.


  • Registered Users Posts: 4,362 ✭✭✭PokeHerKing


    whippet wrote: »
    there was of course but few and far between ... but with the rise of crypto it has become prevalent - personally I know of about 20 companies in Ireland who have been hit in the last 6 months .. all to differing degrees of seriousness.

    So for the ones before crypto how did they get paid?

    We are online now more than ever, in 2007 before BTC there was also a lot less companies to attack. The HSE and even some banks were still using paper and portals with no Internet connection. So is it crypto or is it just the new age?


  • Registered Users Posts: 12,262 ✭✭✭✭Flinty997


    So in the early 00s before crypto were there any ransomware attacks?

    Wasn't much encryption back then either.


  • Registered Users Posts: 7,688 ✭✭✭whippet


    So for the ones before crypto how did they get paid?

    We are online now more than ever, in 2007 before BTC there was also a lot less companies to attack. The HSE and even some banks were still using paper and portals with no Internet connection. So is it crypto or is it just the new age?

    one lad had a PO Box in Panama - send cash in the post and he would send you back the keys


  • Registered Users Posts: 14,287 ✭✭✭✭leahyl


    .42. wrote: »
    Are the HSE still using redundant OS like Windows XP?

    I work in a University and have communications with the HSE and some of them have extreme difficulty in even accessing Microsoft Teams for meetings. Their IT infrastructure sounds very bad.


  • Registered Users Posts: 7,688 ✭✭✭whippet


    leahyl wrote: »
    I work in a University and have communications with the HSE and some of them have extreme difficulty in even accessing Microsoft Teams for meetings. Their IT infrastructure sounds very bad.

    the first thing you do when you have a ransomware attack is take everything offline


  • Registered Users Posts: 24,400 ✭✭✭✭lawred2


    whippet wrote: »
    the first thing you do when you have a ransomware attack is take everything offline

    I doubt that poster meant just this morning


  • Registered Users Posts: 10,234 ✭✭✭✭Hurrache


    Badly fukt wrote: »
    Cash has anonymous ownership, I've no idea how much you have, you've no idea how much I have. If I gave you some nobody would know

    You think such exchanges involve a meet up on a foggy bridge in the rain to hand over a suitcase of cash?


  • Registered Users Posts: 14,287 ✭✭✭✭leahyl


    lawred2 wrote: »
    I doubt that poster meant just this morning

    Exactly, I meant in general


  • Registered Users Posts: 4,362 ✭✭✭PokeHerKing


    whippet wrote: »
    one lad had a PO Box in Panama - send cash in the post and he would send you back the keys

    So ways and means before crypto. As the saying goes correlation does not imply causation.


  • Registered Users Posts: 247 ✭✭Meirleach


    Well this is horrific. Could easily lead to lives lost.


  • Registered Users Posts: 3,319 ✭✭✭davo2001


    The fact that the HSE has had to shut down its ENTIRE network shows what a poorly implemented network security system they have, they clearly didn't learn anything from 3 years ago.

    The head of IT should be fired over this (but obviously he won't be).


  • Registered Users Posts: 408 ✭✭Skyfloater


    I wonder how this will affect the Covid vaccine roll out. Presume they can switch to paper records, but it's got to bung up the system fairly quickly I would have thought.


  • Registered Users Posts: 32,136 ✭✭✭✭is_that_so


    Skyfloater wrote: »
    I wonder how this will affect the Covid vaccine roll out. Presume they can switch to paper records, but it's got to bung up the system fairly quickly I would have thought.
    That's a different system, so not affected.


  • Registered Users Posts: 29,110 ✭✭✭✭AndrewJRenko


    davo2001 wrote: »
    The fact that the HSE has had to shut down its ENTIRE network shows what a poorly implemented network security system they have, they clearly didn't learn anything from 3 years ago.

    The head of IT should be fired over this (but obviously he won't be).

    They didn't shut down their ENTIRE network. Vaccination systems are still working normally.

    But don't let facts hold you back on your rush to ill-informed judgement.

    Btw, if you know what foolproof systems and processes the head of IT should have implemented to guarantee this would never happen, please share - because this would make you billions.


  • Registered Users Posts: 82,818 ✭✭✭✭Atlantic Dawn


    I'd like to think the HSE IT system is so backward even hackers would struggle to find their way around it, likely a few Commodore 64's still holding up parts of it.


  • Registered Users Posts: 32,136 ✭✭✭✭is_that_so


    They didn't shut down their ENTIRE network. Vaccination systems are still working normally.

    But don't let facts hold you back on your rush to ill-informed judgement.
    Network is down in other non-medical locations as well, as a precaution.


  • Registered Users Posts: 789 ✭✭✭jams100


    davo2001 wrote: »
    The fact that the HSE has had to shut down its ENTIRE network shows what a poorly implemented network security system they have, they clearly didn't learn anything from 3 years ago.

    The head of IT should be fired over this (but obviously he won't be).

    In fairness, the HSE employs over 100k people. This seems to be down to years and years of mismanagement.
    Sure didn't I read a few years ago that they had to pay Microsoft to keep supporting Windows XP or 7?
    You'd hope that after the previous incident a couple of years ago that they now work with external partners in terms of their IT.
    I imagine it's a mammoth job trying to overhaul any IT infrastructure in the HSE both from a technical and political (money) point of view.


  • Moderators, Politics Moderators, Sports Moderators Posts: 24,269 Mod ✭✭✭✭Chips Lovell


    whippet wrote: »
    if that is the case why haven't we seen these hackers tracked down and prosecuted - if there is a money trail surely it would be easy.

    Identifying them is one thing. Successfully prosecuting them is another. Most live in jurisdictions that would be unwilling to extradite. For example:

    https://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens


  • Registered Users Posts: 10,234 ✭✭✭✭Hurrache


    davo2001 wrote: »
    The fact that the HSE has had to shut down its ENTIRE network shows what a poorly implemented network security system they have, they clearly didn't learn anything from 3 years ago.

    The head of IT should be fired over this (but obviously he won't be).

    I'm enjoying how everyone are now both experts in pandemics and viruses, and have quickly gained expertise in IT security.

    It must be all the TV they're watching, as it appears to have little foundation in reality.


  • Registered Users Posts: 65 ✭✭Notorious93


    Badly fukt wrote: »
    Nonsense, crypto isn't easier to hide, it's all recorded on the blockchain in fact harder to hide

    You must be talking about Bitcoin as opposed to crypto in general. There are plenty of privacy coins out there like Monero.


  • Moderators, Entertainment Moderators Posts: 17,993 Mod ✭✭✭✭ixoy


    Hurrache wrote: »
    I'm enjoying how everyone are now both experts in pandemics and viruses, and have quickly gained expertise in IT security.

    It must be all the TV they're watching, as it appears to have little foundation in reality.
    Eh, it's well known that they could have had someone sitting at a terminal monitoring and shouting: "They're attacking! First firewall breached! Oh they're good! We've got 3 minutes until they breach the fifth firewall! Trace the IP!!"

