Ransomware & HSE

Ash.J.Williams

BloodBath wrote: »

Why would a country with a 1.7 trillion economy target a non political enemy for a paltry 20 million ransom.

The idea that Putin or the Russian government has anything to do with this is laughably stupid.

I’ve experienced an attack that got to Ireland via an attack on an enemy of Russia

Donald Trump

BloodBath wrote: »

Why would a country with a 1.7 trillion economy target a non political enemy for a paltry 20 million ransom.

The idea that Putin or the Russian government has anything to do with this is laughably stupid.

They don't necessarily have to be directing it. It could be either being done with their tacit approval or turning a blind eye, or perhaps even their current or past agents doing it as a sideline.


You'll probably find that there aren't too many ransomware attacks from this group on Russian targets.

Wombatman

Get up there to that payroll server and run that decrypt tool stat.

G_R

Dempo1 wrote: »

Intrigued by this so called heat, barely a ment of this attack outside Ireland, Bloomberg news seems to be the only international news organisation that mentioned it, nothing reported on any UK media that I'm aware of. The only heat I'm aware of is the Hot air coming out of senior HSE management

A quick 2 second google and I found articles from the US to Australia (incl the UK). Wall St. Journal, LA times, Sky News, BBC, ABC News, Financial Times, the Guardian were all on the first few pages of results.

Anita Blow

ineedeuro wrote: »

More or less the hackers have sat for weeks/months undetected by the HSE so they have no idea when they could do a restore

That is even if they have backed up the servers correctly which is another question Mark

They have back-ups. Our hospital has a back-up right up until the day of the attack

Joshua J

Joshua J wrote: »

Almost certainly.

20 million is pretty good value when you consider the amount of money they have pissed away over the years.

saabsaab

Donald Trump wrote: »

They don't necessarily have to be directing it. It could be either being done with their tacit approval or turning a blind eye, or perhaps even their current or past agents doing it as a sideline.


You'll probably find that there aren't too many ransomware attacks from this group on Russian targets.

Might be time to send a few Secret Service agents to St Petersburg. Track down their computer network and sabotage it.

Donald Trump

saabsaab wrote: »

Might be time to send a few Secret Service agents to St Petersburg. Track down their computer network and sabotage it.

A few lads fresh out of Templemore.

Van.Bosch

hmmm wrote: »

The problem you have with this type of attack is you can't be sure your backups haven't been corrupted.

So you could restore a backup and bam, the ransomware restarts. Or you've just installed a backdoor into your network.

You have to really be confident that you understand how they got in, and what they have changed, and that's just incredibly difficult and time-consuming. In most cases you can't really be sure you know everything.

Even with a decryption key, it's not like you just run it on your network and everything goes back to normal. It's useful in case you have some data that wasn't properly backed up, but you can't trust anything in your environment and most security people will tell you to rebuild nearly everything.

It's an incredibly destructive type of attack.

My hope with them providing the key is they are getting leaned on by someone, and they may be less inclined to leak the actual data.

What’s your best guess for things to be back fully operational?

As an aside, if the vaccine programme isn’t impacted, why aren’t they publishing the daily stats?

skimpydoo

Send these guys in.

Sierra Oscar

Joshua J wrote: »

Almost certainly.

No ransom has been paid. More likely pressure is being put on the group by Russian intelligence services. The Russian Government might get its planning permission for its extensive embassy development here afterall and a blind eye turned to what goes into it. There’s undoubtedly some quid pro quo involved somewhere.

Joshua J

Sierra Oscar wrote: »

No ransom has been paid. More likely pressure is being put on the group by Russian intelligence services. The Russian Government might get its planning permission for its extensive embassy development here afterall and a blind eye turned to what goes into it. There’s undoubtedly some quid pro quo involved somewhere.

More likely its been paid.

Sierra Oscar

Joshua J wrote: »

More likely its been paid.

No ransom has been paid by the Irish State. The Taoiseach, Tánaiste and Minister for Health will all be resigning if it is has considering they’ve stated on the record in the Dáil as of today that it has not been paid and will not be paid.

Officials of the State are prohibited from paying ransoms by law. The last thing that will happen is that the ransom will be paid. They’ll let the data be leaked and rebuild the network by scratch if they have to rather than paying it.

Far more likely than diplomacy has played a role here. The providing of the key will come at some cost, what that is we may never know, but it won’t involve the ransom demand being met.

degsie

I'd imagine these w@nquers would love to get inside a vaccine manufacturing site. Stomach churning does not describe the scroats behind this attack.

Ash.J.Williams

saabsaab wrote: »

Might be time to send a few Secret Service agents to St Petersburg. Track down their computer network and sabotage it.

With hammers

saabsaab

Donald Trump wrote: »

A few lads fresh out of Templemore.

Might stand out a bit too much?

Joshua J

Sierra Oscar wrote: »

No ransom has been paid by the Irish State. The Taoiseach, Tánaiste and Minister for Health will all be resigning if it is has considering they’ve stated on the record in the Dáil as of today that it has not been paid and will not be paid.

Officials of the State are prohibited from paying ransoms by law. The last thing that will happen is that the ransom will be paid. They’ll let the data be leaked and rebuild the network by scratch if they have to rather than paying it.

Far more likely than diplomacy has played a role here. The providing of the key will come at some cost, what that is we may never know, but it won’t involve the ransom demand being met.

Thats great and all but the most likely scenario is they got paid.

TomOnBoard

skimpydoo wrote: »

Send these guys in.

Sadly, Tackleberry, the one lad who wudda sorted them out in Russia died 20 years ago...

saabsaab

Ash.J.Williams wrote: »

With hammers

Could go as construction workers/electricians?

Ash.J.Williams

saabsaab wrote: »

Could go as construction workers/electricians?

The village people

Sierra Oscar

Joshua J wrote: »

Thats great and all but the most likely scenario is they got paid.

Most likely scenario is they didn’t get paid the ransom. The State has never paid a ransom in its history, even when lives were on the line and people died as a result.

jimmycrackcorm

Joshua J wrote: »

More likely its been paid.

No, because the hackers know that the systems can be rebuilt. That's not the issue, the real issue is leaking personal data and whether it's worthwhile to the state to pay based on possible legal claims.

In that case, there will be no guarantee that the data won't be held to ransom again so there's no point paying.

I think the government should make a law that they can't be sued for stolen data being released otherwise it will be open season.

Dempo1

G_R wrote: »

A quick 2 second google and I found articles from the US to Australia (incl the UK). Wall St. Journal, LA times, Sky News, BBC, ABC News, Financial Times, the Guardian were all on the first few pages of results.

That was fast but it doesn't change the possibility a payment was made

Joshua J

Sierra Oscar wrote: »

Most likely scenario is they didn’t get paid the ransom. The State has never paid a ransom in its history, even when lives were on the line and people died as a result.

Someone paid it, I didnt say the state.

Van.Bosch

Joshua J wrote: »

Someone paid it, I didnt say the state.

Like when Denis O’Brien paid Trappatoni’s wages.

Dempo1

Sierra Oscar wrote: »

Most likely scenario is they didn’t get paid the ransom. The State has never paid a ransom in its history, even when lives were on the line and people died as a result.

How do we know the state never paid a ransom? Genuine question, it's hardly something that would be admitted too? If a ransom has been paid on this occasion we'll likely never be told

BloodBath

BloodBath wrote: »

Why would a country with a 1.7 trillion economy target a non political enemy for a paltry 20 million ransom.

The idea that Putin or the Russian government has anything to do with this is laughably stupid.

Maybe a few rogue elements who will find themselves on the receiving end of a neuro-toxin the the near future

Dempo1

Joshua J wrote: »

Thats great and all but the most likely scenario is they got paid.

I agree but for some inexplicable reason some think this scenario impossible to comprehend.

It was abundantly clear the HSE and more seriously, our health system was on its knees and zero evidence a solution could be found, then info start leaking onto the dark net, No matter what various ministers said, this could not be allowed, someone gave in and it wasn't the Hackers

Sierra Oscar

Bloomberg reporting decryption key provided after intervention of EU & US officials and high level negotiations with Russia. Also linked to Colonial Pipeline attack apparently which would make sense.

It’s been suggested that the possibility of imposing further crippling sanctions against Russia was floated. Although I suspect the opposite has happened, don’t be surprised if we hear about sanctions relief in the coming weeks …

The ransom is micky mouse stuff in the grand scheme of things.

cnocbui

WE need to close the Russian embassy and expel all of it's diplomats and staff. It is far larger than needed for such a tiny country as it's an intelligence base for a large chunk of their espionage activities in Europe.