
Ransomware & HSE


Comments

  • Registered Users Posts: 4,928 ✭✭✭skimpydoo


    No ransom has been paid. If it was it could not stay hidden forever. Plus if it was paid why are they still threatening to release data on Monday unless they are paid?


  • Registered Users Posts: 21,886 ✭✭✭✭Roger_007


    To inject a little humour here, I had a weird nightmare last night reflecting all that's going on, and inspired by my watching a hospital and the DSPCA program on tv. In my dream I was working as a HSE hospital porter, wheeling patients to an operating theatre which was headed by a veterinary surgeon. The trouble was, the patients' limbs and body parts kept falling off on the way, and I was stressed trying to gather them up and bring them to theatre for reassembly by the vet. There were some animal parts in the mix. The vet and his nurses laughed their heads off at me for even thinking these folk could be reunited with their body parts, and I asked why not. It was explained to me that "We haven't got the decryption key!"

    Are you sure that wasn’t a HSE training video you were watching?


  • Posts: 0 [Deleted User]


    Roger_007 wrote: »
    Are you sure that wasn’t a HSE training video you were watching?

    :D


  • Registered Users Posts: 7,586 ✭✭✭Tow


    If a ransom was paid it would only take one person. You also have to remember that ~$20M was the opening amount, which would have been greatly reduced during any possible negotiations. Reduced enough to get the key, but not enough to stop the data being published! I can think of private individuals in Irish IT who could pay several million out of their own pocket without any difficulty. The reality is we don't know the full story, hopefully it was adverse publicity or pressure from other sources on the hackers which caused them to supply the key.

    When is the money (including lost growth) Michael Noonan took in the Pension Levy going to be paid back?



  • Registered Users Posts: 18,602 ✭✭✭✭kippy


    Tow wrote: »
    If a ransom was paid it would only take one person. You also have to remember that ~$20M was the opening amount, which would have been greatly reduced during any possible negotiations. Reduced enough to get the key, but not enough to stop the data being published! I can think of private individuals in Irish IT who could pay several million out of their own pocket without any difficulty. The reality is we don't know the full story, hopefully it was adverse publicity or pressure from other sources on the hackers which caused them to supply the key.
    The state or any organisation connected to the state hasn't paid a ransom.
    The data will most likely find its way into the public domain whether the ransom is paid or not.
    Unless further pressure is put on these criminals-which will be interesting to see.


  • Registered Users Posts: 4,573 ✭✭✭Infini


    kippy wrote: »
    The state or any organisation connected to the state hasn't paid a ransom.
    The data will most likely find its way into the public domain whether the ransom is paid or not.
    Unless further pressure is put on these criminals-which will be interesting to see.

    On our own we might not be able to do much but on an EU level it would certainly be possible to coordinate an effective response. This was in effect an act of cyber terrorism, it's not something that isn't going to have consequences long term.


  • Closed Accounts Posts: 8 Prev.


    If I was a hacker I would leave something so I could snoop and stay in the network

    Do these guys actually exit completely or do we even know


  • Registered Users Posts: 29,117 ✭✭✭✭AndrewJRenko


    Tow wrote: »
    If a ransom was paid it would only take one person. You also have to remember that ~$20M was the opening amount, which would have been greatly reduced during any possible negotiations. Reduced enough to get the key, but not enough to stop the data being published! I can think of private individuals in Irish IT who could pay several million out of their own pocket without any difficulty. The reality is we don't know the full story, hopefully it was adverse publicity or pressure from other sources on the hackers which caused them to supply the key.

    Who in 'Irish IT' WOULD (not could, would) pay a seven figure sum to help out the HSE?


  • Registered Users Posts: 19,857 ✭✭✭✭Donald Trump


    Who in 'Irish IT' WOULD (not could, would) pay a seven figure sum to help out the HSE?




    Plenty of lads with loads of money. I'm not saying anyone did. I don't believe that it was paid.


  • Registered Users Posts: 29,117 ✭✭✭✭AndrewJRenko


    Plenty of lads with loads of money. .
    WOULD, not could.

    Who WOULD pay out a seven figure sum to get the HSE out of a hole?


  • Registered Users Posts: 7,419 ✭✭✭MrMusician18


    kippy wrote: »
    A ransom hasn't been paid.

    Can we move on?

    I don't believe one has been either, but the idea that you need an army of people to do it and that it would be impossible to keep secret is just absurd. Government keeps secrets all the time.

    How many Garda informers do we know by name and how much they're getting for their cooperation? 0 and 0. If the ransom was to be paid it would come as a direct instruction from the top inner circle (not even the whole of government would know) and would be paid through a third party, possibly an IT contractor. €20m would be easy enough to hide in the accounts under services rendered as basically during a crisis anything goes. The C&AG as mentioned earlier, f*ckin' lol.


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    This is soooooooo tiresome at this stage! I just want to know will ppl who have life-threatening conditions be able to get treated next week! Simple As!

    I don't give two ****s whether a ransom has or has not been paid, whether Putin's Granny or Brother or Nephew broke a few legs in St Petersburg, whether Biden gave the CIA a hundred million dollars to blow a whole Russian city away, whether Leo V raided the local Credit Union, whether Denis O'Brien did another Trapattoni......

    Can ppl who need treatment for life-threatening illnesses get these next week!!!

    Aaaaand CRUCIALLY, can providers STOP using COVID as an excuse for total non-delivery over the past year!

    Just GET ON WITH IT!!!


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    Prev. wrote: »
    If I was a hacker I would leave something so I could snoop and stay in the network

    Do these guys actually exit completely or do we even know

    FireEye are not incompetent like the HSE, they won’t be left in the network when they are finished. Problem is when they pass it back to the HSE


  • Registered Users Posts: 9,509 ✭✭✭irishgeo


    ineedeuro wrote: »
    FireEye are not incompetent like the HSE, they won’t be left in the network when they are finished. Problem is when they pass it back to the HSE

    You leave the fire software installed.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    irishgeo wrote: »
    You leave the fire software installed.

    All of the hospitals etc will have their own EDR contracts and probably a few with managed service companies.
    I would expect you will see a lot of them removing FireEye or they will have to scrap millions of euros worth of software and services.

    How much will it cost then to buy and maintain FireEye for the entire HSE on top of the cost of the existing contracts?
    The problem is not the EDR software, the problem is the maintenance, patching, updating etc

    FireEye is not even the best EDR in the market, it just happened to be the company they brought in....the HSE could already have better software paid for and in place just not working correct or updated correctly


  • Registered Users Posts: 4,935 ✭✭✭fly_agaric


    TomOnBoard wrote: »
    This is soooooooo tiresome at this stage! I just want to know will ppl who have life-threatening conditions be able to get treated next week! Simple As!

    I don't give two ****s whether a ransom has or has not been paid, whether Putin's Granny or Brother or Nephew broke a few legs in St Petersburg, whether Biden gave the CIA a hundred million dollars to blow a whole Russian city away, whether Leo V raided the local Credit Union, whether Denis O'Brien did another Trapattoni......

    Can ppl who need treatment for life-threatening illnesses get these next week!!!

    Aaaaand CRUCIALLY, can providers STOP using COVID as an excuse for total non-delivery over the past year!

    Just GET ON WITH IT!!!

    Wouldn't usually be one to defend the HSE (!) but I don't know what you are expecting?
    From what is being reported in the media about this, the health service is not going to be operating normally (full capacity) for quite some time.
    It is "only" criminals + a ransomware attack that did this, but the severity of damage seems to be what you'd expect of an act of cyber warfare by a nation state. Am sure people are doing their best (& getting on with it) but it is not a quick fix and just because the health service used to run stuff largely on paper + with telephones back in the late 80s-early 90s doesn't mean they can easily go back to that now and keep everything running.


  • Registered Users Posts: 18,067 ✭✭✭✭fryup


    J Mysterio wrote: »
    The government absolutely would not be able to keep it a secret had they paid a ransom. The provision of the decryption key is almost certainly due to diplomatic efforts.

    it will come out in the inevitable PrimeTime Special


  • Registered Users Posts: 9,509 ✭✭✭irishgeo


    ineedeuro wrote: »
    All of the hospitals etc will have their own EDR contracts and probably a few with managed service companies.
    I would expect you will see a lot of them removing FireEye or they will have to scrap millions of euros worth of software and services.

    How much will it cost then to buy and maintain FireEye for the entire HSE on top of the cost of the existing contracts?
    The problem is not the EDR software, the problem is the maintenance, patching, updating etc

    FireEye is not even the best EDR in the market, it just happened to be the company they brought in....the HSE could already have better software paid for and in place just not working correct or updated correctly

    True but if it failed to stop an encryption wide network event I be querying my contract.

    Whatever about the desktops not being updated and patched. You think the servers and hypervisor would be fully patched and updated.

    You be curious how the privilege escalation occurred and how 700GB of data flowing out of the network wasn't spotted but I read reports of hackers hiding it in Microsoft updates services.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    The government only have to keep it quiet now. If they did pay it will come out but in a couple of months time they can have plenty of excuses in place and of course a back story.
    As I already said the HSE and government are in cover up mode since the start of this. The HSE know people should be fired but if they all stay in it together with the government they can ride out the wave and continue as it was before. hence why RTE telling everyone that the HSE are absolved from all blame.


  • Registered Users Posts: 19,857 ✭✭✭✭Donald Trump


    WOULD, not could.

    Who WOULD pay out a seven figure sum to get the HSE out of a hole?


    You will have to ASK THEM yourself dude.


    How the fuck is anyone else supposed to know who would or would not do anything


  • Registered Users Posts: 4,928 ✭✭✭skimpydoo


    irishgeo wrote: »
    You be curious how the privilege escalation occurred and how 700GB of data flowing out of the network wasn't spotted but I read reports of hackers hiding it in Microsoft updates services.
    The 700GB was taken out in smaller tranches so that it would not be noticed and it was probably done at a time when updates are taking place.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    skimpydoo wrote: »
    The 700GB was taken out in smaller tranches so that it would not be noticed and it was probably done at a time when updates are taking place.

    The SOC/SIEM would pick up unusual activity even if it missed the initial data transfer. Or it should pick it up if set up right.
    Do they have a SOC/SIEM? I would be astonished if they don't
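
The point argued in the posts above, that data moved out in small tranches stays under a per-transfer alert but shows up once outbound volume is summed per host and destination over a rolling window, as an added example (not part of the thread, and not a description of the HSE's actual monitoring). Host names, addresses, sizes and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MB = 1024 * 1024
PER_TRANSFER_LIMIT = 1024 * MB   # assumed: alert on any single flow above 1 GB
WINDOW = timedelta(hours=24)     # assumed aggregation window
WINDOW_LIMIT = 2048 * MB         # assumed: >2 GB from one host to one destination in 24 h

T0 = datetime(2021, 5, 10, 1, 0)
# Constructed flow records: (ISO timestamp, internal host, external destination, bytes out).
SAMPLE_FLOWS = [
    # Eight 400 MB tranches, three hours apart, each well under the per-transfer limit.
    *[((T0 + timedelta(hours=3 * i)).isoformat(), "srv-files-01", "203.0.113.50", 400 * MB)
      for i in range(8)],
    # Ordinary background traffic from workstations.
    ("2021-05-10T09:15:00", "ws-114", "198.51.100.7", 50 * MB),
    ("2021-05-10T11:40:00", "ws-114", "198.51.100.7", 50 * MB),
    ("2021-05-10T15:05:00", "ws-114", "198.51.100.7", 50 * MB),
    ("2021-05-10T14:20:00", "ws-220", "198.51.100.7", 300 * MB),
]


def per_transfer_alerts(flows):
    """Naive rule: flag individual flows larger than PER_TRANSFER_LIMIT."""
    return [f for f in flows if f[3] > PER_TRANSFER_LIMIT]


def cumulative_alerts(flows):
    """Return {(host, dst): peak bytes in any WINDOW} for pairs whose peak exceeds WINDOW_LIMIT."""
    by_pair = defaultdict(list)
    for ts, host, dst, nbytes in flows:
        by_pair[(host, dst)].append((datetime.fromisoformat(ts), nbytes))

    alerts = {}
    for pair, events in by_pair.items():
        events.sort()
        start, running, peak = 0, 0, 0
        for t_end, nbytes in events:
            running += nbytes
            # Drop flows that have aged out of the rolling window.
            while t_end - events[start][0] > WINDOW:
                running -= events[start][1]
                start += 1
            peak = max(peak, running)
        if peak > WINDOW_LIMIT:
            alerts[pair] = peak
    return alerts


if __name__ == "__main__":
    print("per-transfer alerts:", per_transfer_alerts(SAMPLE_FLOWS))
    for (host, dst), peak in cumulative_alerts(SAMPLE_FLOWS).items():
        print(f"cumulative alert: {host} -> {dst} sent {peak // MB} MB within 24 h")
```

In practice the fixed WINDOW_LIMIT would be replaced by a per-host baseline, since a backup server and a workstation have very different normal outbound volumes.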


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    You will have to ASK THEM yourself dude.


    How the fuck is anyone else supposed to know who would or would not do anything

    What I want to know is how the **** did fuck get through the fuck filtration/rejection/starring system without going to ****!!!


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    fly_agaric wrote: »
    Wouldn't usually be one to defend the HSE (!) but I don't know what you are expecting?
    From what is being reported in the media about this, the health service is not going to be operating normally (full capacity) for quite some time.
    It is "only" criminals + a ransomware attack that did this, but the severity of damage seems to be what you'd expect of an act of cyber warfare by a nation state. Am sure people are doing their best (& getting on with it) but it is not a quick fix and just because the health service used to run stuff largely on paper + with telephones back in the late 80s-early 90s doesn't mean they can easily go back to that now and keep everything running.

    Just try reading it again!

    If you still feel you understood what I said, fine!

    I am soooo ****ing tired with the ****e being trotted out here.... Soooooo tired of it!!


  • Registered Users Posts: 19,857 ✭✭✭✭Donald Trump


    TomOnBoard wrote: »
    What I want to know is how the **** did fuck get through the fuck filtration/rejection/starring system without going to ****!!!




    Wizard Spider are trying to bypass boards.ie swear filter next. Haven't breached it yet though. Shower of cunts


  • Posts: 5,917 ✭✭✭ [Deleted User]


    ineedeuro wrote: »
    FireEye are not incompetent like the HSE, they won’t be left in the network when they are finished. Problem is when they pass it back to the HSE

    You do realise that FireEye were hacked and their red team software was stolen

    https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html


  • Registered Users Posts: 29,117 ✭✭✭✭AndrewJRenko


    You will have to ASK THEM yourself dude.


    How the fuck is anyone else supposed to know who would or would not do anything

    The people who are posting here that there are loads of generous, altruistic lads ready to hand over a seven figure sum are the ones who must know who they are. If you know people who are ready to do this, name them - give us some examples of these people. Without names, they're just spoofing.

    ineedeuro wrote: »
    The government only have to keep it quiet now. If they did pay it will come out but in a couple of months time they can have plenty of excuses in place and of course a back story.
    As I already said the HSE and government are in cover up mode since the start of this. The HSE know people should be fired but if they all stay in it together with the government they can ride out the wave and continue as it was before. hence why RTE telling everyone that the HSE are absolved from all blame.

    Who specifically should be fired for this?

    I don't believe one has been either, but the idea that you need an army of people to do it and that it would be impossible to keep secret is just absurd. Government keeps secrets all the time.

    How many Garda informers do we know by name and how much they're getting for their cooperation? 0 and 0. If the ransom was to be paid it would come as a direct instruction from the top inner circle (not even the whole of government would know) and would be paid through a third party, possibly an IT contractor. €20m would be easy enough to hide in the accounts under services rendered as basically during a crisis anything goes. The C&AG as mentioned earlier, f*ckin' lol.

    Garda have existing lines in their budget for all their operations.

    HSE and DoH don't have an existing budget line for paying ransoms, so the money is going to have to come from somewhere. That kind of money doesn't get hidden in accounts. If you've ever lived through a C&AG audit you'll know that you don't get to hide anything from them, let alone a seven-figure sum.

    Let's just tease out this 'paying through a third party'. You think someone like Robert Watt is going to personally authorise a seven-figure payment to a third party, and just trust that they're going to do the right thing? Or is there going to be a contract, signed off by the AG, to require the third party to pay a ransom that breaches all kinds of legislation, procedure and policies? What if the third-party says 'ah yeah, I paid that over to the Russians, did they not sort ye out yet? Sure that's shocking, shocking I tell you' as they book their flights to Switzerland to start a new life off the Government's generosity.

    It ain't going to happen.


  • Registered Users Posts: 26,578 ✭✭✭✭Turtwig


    Dark budgets exist in many nations. While I don't know if Ireland has one, I think it's not beyond the realm of possibility that we do have some element of finances that can be paid without any official public records kept. The HSE and DOH wouldn't even be told about it. Though they may suss it.


  • Registered Users Posts: 4,928 ✭✭✭skimpydoo


    Turtwig wrote: »
    Shadow and dark budgets exist in many nations. While I don't know if Ireland has one, I think it's not beyond the realm of possibility that we do have some element of finances that can be paid without any official public records kept. The HSE and DOH wouldn't even be told about it. Though they may suss it.

    No way shadow and dark budgets go as high as twenty million.


  • Registered Users Posts: 2,903 ✭✭✭cadaliac


    I have to ask a stupid question - how do we know that "they" were lurking around the network for 2 weeks?
    Has this been confirmed ? Or, is this just more hearsay and conjecture?
    Is there any evidence of this?
    If they were or proven to be already inside the domain for 2 weeks, how was this detected?
    Otherwise, pure speculation...

