Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Ransomware & HSE

  • 14-05-2021 6:32am
    #1
    Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    https://www.rte.ie/news/health/2021/0514/1221519-hospital-it-problem/

    These ransomware attacks are already causing so much disruption ... but when they target healthcare it becomes a matter of life an death.

    Fingers crossed the back ups were protected and the restore isn't too big a job


«13456758

Comments

  • Registered Users, Registered Users 2 Posts: 695 ✭✭✭DaSilva


    I know this is a weird take for a lot of people and I know a lot of people are really invested in crypto so I expect backlash.

    I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.


  • Registered Users, Registered Users 2 Posts: 30,435 ✭✭✭✭Wanderer78


    There's just some complete arseholes on this planet, I understand some could be extremely poor, and some are just simply cnuts, another sh1t storm our health system has to deal with, hopefully this might force them to update our system now


  • Registered Users, Registered Users 2 Posts: 30,435 ✭✭✭✭Wanderer78


    DaSilva wrote:
    I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.


    Cryptos regularly experience pump and dumps anyway, nature of that beast


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    DaSilva wrote: »
    I know this is a weird take for a lot of people and I know a lot of people are really invested in crypto so I expect backlash.

    I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

    I see your point - however the value of Bitcoin etc would have little bearing - it's the existence of a currency that is easy to hide is the problem. Regardless of the value of bitcoin they would just look for enough of it to make it worth their while.

    Also - getting the encryption keys back through paying a ransom is only half the battle - the rebuild of systems is crippling


  • Registered Users, Registered Users 2 Posts: 5,876 ✭✭✭The J Stands for Jay


    Didn't this happen to the HSE about 3 years ago? I wonder what lessons they learned from it?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 30,435 ✭✭✭✭Wanderer78


    whippet wrote:
    I see your point - however the value of Bitcoin etc would have little bearing - it's the existence of a currency that is easy to hide is the problem. Regardless of the value of bitcoin they would just look for enough of it to make it worth their while.

    Bitcoin isn't a currency at all


  • Posts: 0 [Deleted User]


    Nonsense, crypto isn't easier to hide, it's all recorded on the blockchain in fact harder to hide


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    Badly fukt wrote: »
    Nonsense, crypto isn't easier to hide, it's all recorded on the blockchain in fact harder to hide

    if that is the case why haven't we seen these hackers tracked down and prosecuted - if there is a money trail surely it would be easy.

    We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom


  • Registered Users, Registered Users 2 Posts: 30,435 ✭✭✭✭Wanderer78


    whippet wrote:
    We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom

    Some nice revenge hacks on YouTube, they definitely don't like it when the shoes on the other foot


  • Posts: 0 [Deleted User]


    Knowing how fragmented our HSE systems are, there has patently been lack of overall investment in IT here. It's not a bit surprising this has happened, especially at a time when vaccine rollout has been an added demand and one that has brought attention to potential exploitation.

    Somebody told me how they were trying to register on the portal for the vaccine for three days back and couldn't succeed, so that is likely enough symptomatic of an overall opportune attack on HSE.


  • Advertisement
  • Posts: 0 [Deleted User]


    whippet wrote: »
    if that is the case why haven't we seen these hackers tracked down and prosecuted - if there is a money trail surely it would be easy.

    We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom

    Simply because they are a step above the normal criminal, professionals. Crypto itself is recorded and transparent.


  • Registered Users, Registered Users 2 Posts: 790 ✭✭✭conor_mc


    Nonsense, crypto isn't easier to hide, it's all recorded on the blockchain in fact harder to hide

    Anonymous ownership is one of the key “benefits” of crypto’s. That’s why nobody knows who Satoshi whatsisname actually is.

    Every currency is underpinned by an economy... in this case, the global criminal economy.

    And don’t even get me started on the stupidity of burning millions of tons of coal to “mine” the stuff in the midst of an existential climate crisis.

    It’s a cancer on global society.


  • Registered Users, Registered Users 2 Posts: 303 ✭✭.42.


    Are the HSE still using redundant OS like Windows XP?


  • Posts: 0 [Deleted User]


    whippet wrote: »
    if that is the case why haven't we seen these hackers tracked down and prosecuted - if there is a money trail surely it would be easy.

    We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom

    Could be a solely a mischief attack by cnut who knows the vulnerabilities of the systems.


  • Posts: 0 [Deleted User]


    conor_mc wrote: »
    Anonymous ownership is one of the key “benefits” of crypto’s. That’s why nobody knows who Satoshi whatsisname actually is.

    Every currency is underpinned by an economy... in this case, the global criminal economy.

    And don’t even get me started on the stupidity of burning millions of tons of coal to “mine” the stuff in the midst of an existential climate crisis.

    It’s a cancer on global society.

    Cash has anonymous ownership, I've no idea how much you have, you've no idea how much I have. If I gave you some nobody would know


  • Posts: 0 [Deleted User]


    .42. wrote: »
    Are the HSE still using redundant OS like Windows XP?

    No mostly windows 7 though which is also end of life


  • Registered Users, Registered Users 2 Posts: 6,589 ✭✭✭touts


    If one person dies as a result of the health systems being down it should be treated as murder and an act of terrorism.

    After the attack on the oil pipeline in the US I suspect those bastards will be getting a visit from Seal Team 6 anyway. Don't know if it is the same terrorist group who attacked the US but clearly this has stepped up and we need to step up our response accordingly.


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    these attacks normally come in via a phishing email ... in which the user clicks on a link and they are in .... spend a few days looking around and encrypting fileshares - looking to see if they can see the backups and encrypt those also - and when they think they have done enough push the button and say - 'hey give me loads of bitcoin and you can get the encryption keys'


  • Registered Users, Registered Users 2 Posts: 12,888 ✭✭✭✭Calahonda52


    Knowing how fragmented our HSE systems are, there has patently been lack of overall investment in IT here. It's not a bit surprising this has happened, especially at a time when vaccine rollout has been an added demand and one that has brought attention to potential exploitation.

    Somebody told me how they were trying to register on the portal for the vaccine for three days back and couldn't succeed, so that is likely enough symptomatic of an overall opportune attack on HSE.

    under investment is one thing, poor passwords, social engineering, inside job, back doors, lax admin controls etc is another issue.
    The portal delay is a different issue

    “I can’t pay my staff or mortgage with instagram likes”.



  • Posts: 0 [Deleted User]


    No mostly windows 7 though which is also end of life

    That's like where I worked in local authority, Windows 7. Public services always go for the cheapest available anything, not the most cost-effective in the long run.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 790 ✭✭✭conor_mc


    Cash has anonymous ownership, I've no idea how much you have, you've no idea how much I have. If I gave you some nobody would know

    Agreed, but it was bulky and awkward. And difficult/dangerous for criminals to collect a ransom.


  • Posts: 0 [Deleted User]


    under investment is one thing, poor passwords, social engineering, inside job, back doors, lax admin controls etc is another issue.
    The portal delay is a different issue

    Password updates had improved greatly by the time I retired. Earlier it was plain hilarious.


  • Registered Users, Registered Users 2 Posts: 4,541 ✭✭✭PokeHerKing


    DaSilva wrote: »
    I know this is a weird take for a lot of people and I know a lot of people are really invested in crypto so I expect backlash.

    I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

    Ah yes I long for the days before cryptocurrencies when there was no crime, ransoms or money laundering. Those were the days


  • Registered Users, Registered Users 2 Posts: 32,136 ✭✭✭✭is_that_so


    under investment is one thing, poor passwords, social engineering, inside job, back doors, lax admin controls etc is another issue.
    The portal delay is a different issue
    That sounds likes a whole lot of entities, not just the HSE and they all have the same weak link - people. The only positive here is that the HSE is not long out of the paper pile and can revert to it to recover from this.


  • Registered Users, Registered Users 2 Posts: 695 ✭✭✭DaSilva


    Ah yes I long for the days before cryptocurrencies when there was no crime, ransoms or money laundering. Those were the days

    I know crypto isn't the cause of crime and unrelated to most crime, but don't you think ransomware attacks become far more expensive and risky for the attacker if cryptocurrencies are not an option?


  • Registered Users, Registered Users 2 Posts: 6,589 ✭✭✭touts


    Ah yes I long for the days before cryptocurrencies when there was no crime, ransoms or money laundering. Those were the days

    Anti money laundering laws and policies were making a difference. It may not have been perfect but it WAS making a difference. Cryptocurrencies have completely bypassed and undermined those laws and policies and most of their early appeal was precisely for that. Those who trade in these unregulated and untraceable "currencies" remind me of the lad who likes a hit of cocaine but only at the weekend and insists he doesn't support the drug trade.


  • Registered Users, Registered Users 2 Posts: 4,541 ✭✭✭PokeHerKing


    DaSilva wrote: »
    I know crypto isn't the cause of crime and unrelated to most crime, but don't you think ransomware attacks become far more expensive and risky for the attacker if cryptocurrencies were not an option for the attackers?

    I've genuinely no idea. Id have to see some sort of stats on the subject. Have they increased with cryptos or just increased in line with our technological age?


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    I've genuinely no idea. Id have to see some sort of stats on the subject. Have they increased with cryptos or just increased in line with our technological age?

    I'm in IT for over two decades and I have yet to come across a ransomware attack where the attackers asked for a wire transfer or bank notes


  • Registered Users, Registered Users 2 Posts: 4,541 ✭✭✭PokeHerKing


    touts wrote: »
    Anti money laundering laws and policies were making a difference. It may not have been perfect but it WAS making a difference. Cryptocurrencies have completely bypassed and undermined those laws and policies and most of their early appeal was precisely for that. Those who trade in these unregulated and untraceable "currencies" remind me of the lad who likes a hit of cocaine but only at the weekend and insists he doesn't support the drug trade.

    I mean Revolut probably aided in the exchange of money for drugs. So what? Most new technologies aid humans for good or bad depending on their use. Crypto is definitely traceable but whether its worth the current hassle for law enforcement is another matter.

    Banks are still by a country mile the biggest facilitators of illegal money.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,967 ✭✭✭JDxtra


    Are we sure it's a targeted attack though? Maybe someone clicked on a link they shouldn't have?


  • Registered Users, Registered Users 2 Posts: 4,494 ✭✭✭harr


    The Israelis not happy with some of the flack they are getting from this country... maybe .. or is that more of a conspiracy thread post :)


  • Registered Users, Registered Users 2 Posts: 4,541 ✭✭✭PokeHerKing


    whippet wrote: »
    I'm in IT for over two decades and I have yet to come across a ransomware attack where the attackers asked for a wire transfer or bank notes

    So in the early 00s before crypto where there any ransomeware attacks?


  • Registered Users, Registered Users 2 Posts: 11,205 ✭✭✭✭hmmm


    The Government should get the Russian ambassador in and demand to know what they are doing to prevent these types of attack.

    Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    So in the early 00s before crypto where there any ransomeware attacks?

    there was of course but few and far between ... but with the rise of crypto it has become prevalent - personally I know of about 20 companies in Ireland who have been hit in the last 6 months .. all to differing degrees of seriousness.


  • Registered Users, Registered Users 2 Posts: 4,364 ✭✭✭arctictree


    I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    hmmm wrote: »
    The Government should get the Russian ambassador in and demand to know what they are doing to prevent these types of attack.

    Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.

    If you think the Russian ambassador would even entertain such a call your very wet behind the ears - think about what they Russians have done on UK soil in the likes of Salisbury to know they couldn't give a monkies what other governments think of them
    hmmm wrote: »
    Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.

    absolutely


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    arctictree wrote: »
    I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?

    if you don't pay the hackers will just move on to the next target.

    Depending on if or how badly their back-ups / DR was impacted will dictate the time and cost to the HSE to get back up and running.

    this could be months and months .. but at this stage there is no knowing.

    Sometimes it might make economical sense to pay the ransom - but even at that there will be a massive job of work to get everything back online - you have to assume that every data store, every file still has malicious code embedded.

    Just restoring everything could mean that in a couple of weeks your back to square one


  • Registered Users, Registered Users 2 Posts: 32,136 ✭✭✭✭is_that_so


    arctictree wrote: »
    I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?
    Well they won't release the system for one. The HSE will then have to recover the system from backups, mostly paper by the sounds of things!


  • Registered Users, Registered Users 2 Posts: 1,547 ✭✭✭KildareP


    JDxtra wrote: »
    Are we sure it's a targeted attack though? Maybe someone clicked on a link they shouldn't have?

    My thoughts too. Usually these are purely opportunistic attacks except you only hear about then when it hits big organisations like the HSE, NHS, etc.


  • Registered Users, Registered Users 2 Posts: 4,541 ✭✭✭PokeHerKing


    whippet wrote: »
    there was of course but few and far between ... but with the rise of crypto it has become prevalent - personally I know of about 20 companies in Ireland who have been hit in the last 6 months .. all to differing degrees of seriousness.

    So for the ones before crypto how did they get paid?

    We are online now more than ever, in 2007 before BTC there was also alot less companies to attack. The HSE and even some banks where still using paper and portals with no Internet connection. So is it crypto or is it just the new age?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 13,122 ✭✭✭✭Flinty997


    So in the early 00s before crypto where there any ransomeware attacks?

    Wasn't much encryption back then either.


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    So for the ones before crypto how did they get paid?

    We are online now more than ever, in 2007 before BTC there was also alot less companies to attack. The HSE and even some banks where still using paper and portals with no Internet connection. So is it crypto or is it just the new age?

    one lad had a PO Box in Panama - send cash in the post and he would send you back the keys


  • Registered Users, Registered Users 2 Posts: 14,357 ✭✭✭✭leahyl


    .42. wrote: »
    Are the HSE still using redundant OS like Windows XP?

    I work in a University and have communcations with the HSE and some of them have extreme difficulty in even accessing microsoft Teams for meetings. Their IT infrastructure sounds very bad.


  • Registered Users, Registered Users 2 Posts: 7,718 ✭✭✭whippet


    leahyl wrote: »
    I work in a University and have communcations with the HSE and some of them have extreme difficulty in even accessing microsoft Teams for meetings. Their IT infrastructure sounds very bad.

    the first thing you do when you have a ransomware attack is take everything offline


  • Registered Users, Registered Users 2 Posts: 24,559 ✭✭✭✭lawred2


    whippet wrote: »
    the first thing you do when you have a ransomware attack is take everything offline

    I doubt that poster meant just this morning


  • Registered Users, Registered Users 2 Posts: 10,273 ✭✭✭✭Hurrache


    Badly fukt wrote: »
    Cash has anonymous ownership, I've no idea how much you have, you've no idea how much I have. If I gave you some nobody would know

    You think such exchanges involve a meet up on foggy bridge in the rain to hand over a suitcase of cash?


  • Registered Users, Registered Users 2 Posts: 14,357 ✭✭✭✭leahyl


    lawred2 wrote: »
    I doubt that poster meant just this morning

    Exactly, I meant in general


  • Registered Users, Registered Users 2 Posts: 4,541 ✭✭✭PokeHerKing


    whippet wrote: »
    one lad had a PO Box in Panama - send cash in the post and he would send you back the keys

    So ways and means before crypto. As the saying goes correlation does not imply causation.


  • Registered Users, Registered Users 2 Posts: 252 ✭✭Meirleach


    Well this is horrific. Could easily lead to lives lost.


  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭davo2001


    The fact that the HSE has had to shutdown it's ENTIRE network shows what a poorly implemented network security system they have, they clearly didn't learn anything from 3 years ago.

    The head of IT should be fired over this (but obviously he won't be).


  • Advertisement
Advertisement