Ransomware & HSE

whippet · 14-05-2021 7:32am #1

https://www.rte.ie/news/health/2021/0514/1221519-hospital-it-problem/

These ransomware attacks are already causing so much disruption ... but when they target healthcare it becomes a matter of life an death.

Fingers crossed the back ups were protected and the restore isn't too big a job

DaSilva · 14-05-2021 7:35am

I know this is a weird take for a lot of people and I know a lot of people are really invested in crypto so I expect backlash.

I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

Wanderer78 · 14-05-2021 7:36am

There's just some complete arseholes on this planet, I understand some could be extremely poor, and some are just simply cnuts, another sh1t storm our health system has to deal with, hopefully this might force them to update our system now

Wanderer78 · 14-05-2021 7:37am

DaSilva wrote:

I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

Cryptos regularly experience pump and dumps anyway, nature of that beast

whippet · 14-05-2021 7:38am

DaSilva wrote: »

I know this is a weird take for a lot of people and I know a lot of people are really invested in crypto so I expect backlash.

I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

I see your point - however the value of Bitcoin etc would have little bearing - it's the existence of a currency that is easy to hide is the problem. Regardless of the value of bitcoin they would just look for enough of it to make it worth their while.

Also - getting the encryption keys back through paying a ransom is only half the battle - the rebuild of systems is crippling

The J Stands for Jay · 14-05-2021 7:38am

Didn't this happen to the HSE about 3 years ago? I wonder what lessons they learned from it?

Wanderer78 · 14-05-2021 7:39am

whippet wrote:

I see your point - however the value of Bitcoin etc would have little bearing - it's the existence of a currency that is easy to hide is the problem. Regardless of the value of bitcoin they would just look for enough of it to make it worth their while.

Bitcoin isn't a currency at all

14-05-2021 7:41am

Nonsense, crypto isn't easier to hide, it's all recorded on the blockchain in fact harder to hide

whippet · 14-05-2021 7:43am

Badly fukt wrote: »

Nonsense, crypto isn't easier to hide, it's all recorded on the blockchain in fact harder to hide

if that is the case why haven't we seen these hackers tracked down and prosecuted - if there is a money trail surely it would be easy.

We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom

Wanderer78 · 14-05-2021 7:45am

whippet wrote:

We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom

Some nice revenge hacks on YouTube, they definitely don't like it when the shoes on the other foot

14-05-2021 7:49am

Knowing how fragmented our HSE systems are, there has patently been lack of overall investment in IT here. It's not a bit surprising this has happened, especially at a time when vaccine rollout has been an added demand and one that has brought attention to potential exploitation.

Somebody told me how they were trying to register on the portal for the vaccine for three days back and couldn't succeed, so that is likely enough symptomatic of an overall opportune attack on HSE.

14-05-2021 7:51am

whippet wrote: »

if that is the case why haven't we seen these hackers tracked down and prosecuted - if there is a money trail surely it would be easy.

We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom

Simply because they are a step above the normal criminal, professionals. Crypto itself is recorded and transparent.

conor_mc · 14-05-2021 7:51am

[Deleted User] wrote: »

Nonsense, crypto isn't easier to hide, it's all recorded on the blockchain in fact harder to hide

Anonymous ownership is one of the key “benefits” of crypto’s. That’s why nobody knows who Satoshi whatsisname actually is.

Every currency is underpinned by an economy... in this case, the global criminal economy.

And don’t even get me started on the stupidity of burning millions of tons of coal to “mine” the stuff in the midst of an existential climate crisis.

It’s a cancer on global society.

.42. · 14-05-2021 7:53am

Are the HSE still using redundant OS like Windows XP?

14-05-2021 7:53am

whippet wrote: »

if that is the case why haven't we seen these hackers tracked down and prosecuted - if there is a money trail surely it would be easy.

We only hear of the big cases like the HSE etc but there are thousands of companies every day getting hacked and paying ransom

Could be a solely a mischief attack by cnut who knows the vulnerabilities of the systems.

14-05-2021 7:53am

conor_mc wrote: »

Anonymous ownership is one of the key “benefits” of crypto’s. That’s why nobody knows who Satoshi whatsisname actually is.

Every currency is underpinned by an economy... in this case, the global criminal economy.

And don’t even get me started on the stupidity of burning millions of tons of coal to “mine” the stuff in the midst of an existential climate crisis.

It’s a cancer on global society.

Cash has anonymous ownership, I've no idea how much you have, you've no idea how much I have. If I gave you some nobody would know

14-05-2021 7:54am

.42. wrote: »

Are the HSE still using redundant OS like Windows XP?

No mostly windows 7 though which is also end of life

touts · 14-05-2021 7:56am

If one person dies as a result of the health systems being down it should be treated as murder and an act of terrorism.

After the attack on the oil pipeline in the US I suspect those bastards will be getting a visit from Seal Team 6 anyway. Don't know if it is the same terrorist group who attacked the US but clearly this has stepped up and we need to step up our response accordingly.

whippet · 14-05-2021 7:56am

these attacks normally come in via a phishing email ... in which the user clicks on a link and they are in .... spend a few days looking around and encrypting fileshares - looking to see if they can see the backups and encrypt those also - and when they think they have done enough push the button and say - 'hey give me loads of bitcoin and you can get the encryption keys'

Calahonda52 · 14-05-2021 7:56am

Deleted User wrote: »

Knowing how fragmented our HSE systems are, there has patently been lack of overall investment in IT here. It's not a bit surprising this has happened, especially at a time when vaccine rollout has been an added demand and one that has brought attention to potential exploitation.

Somebody told me how they were trying to register on the portal for the vaccine for three days back and couldn't succeed, so that is likely enough symptomatic of an overall opportune attack on HSE.

under investment is one thing, poor passwords, social engineering, inside job, back doors, lax admin controls etc is another issue.
The portal delay is a different issue

14-05-2021 7:57am

[Deleted User] wrote: »

No mostly windows 7 though which is also end of life

That's like where I worked in local authority, Windows 7. Public services always go for the cheapest available anything, not the most cost-effective in the long run.

conor_mc · 14-05-2021 7:58am

[Deleted User] wrote: »

Cash has anonymous ownership, I've no idea how much you have, you've no idea how much I have. If I gave you some nobody would know

Agreed, but it was bulky and awkward. And difficult/dangerous for criminals to collect a ransom.

14-05-2021 7:59am

Calahonda52 wrote: »

under investment is one thing, poor passwords, social engineering, inside job, back doors, lax admin controls etc is another issue.
The portal delay is a different issue

Password updates had improved greatly by the time I retired. Earlier it was plain hilarious.

PokeHerKing · 14-05-2021 8:00am

DaSilva wrote: »

I know this is a weird take for a lot of people and I know a lot of people are really invested in crypto so I expect backlash.

I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

Ah yes I long for the days before cryptocurrencies when there was no crime, ransoms or money laundering. Those were the days

is_that_so · 14-05-2021 8:03am

Calahonda52 wrote: »

under investment is one thing, poor passwords, social engineering, inside job, back doors, lax admin controls etc is another issue.
The portal delay is a different issue

That sounds likes a whole lot of entities, not just the HSE and they all have the same weak link - people. The only positive here is that the HSE is not long out of the paper pile and can revert to it to recover from this.

DaSilva · 14-05-2021 8:09am

PokeHerKing wrote: »

Ah yes I long for the days before cryptocurrencies when there was no crime, ransoms or money laundering. Those were the days

I know crypto isn't the cause of crime and unrelated to most crime, but don't you think ransomware attacks become far more expensive and risky for the attacker if cryptocurrencies are not an option?

touts · 14-05-2021 8:13am

PokeHerKing wrote: »

Ah yes I long for the days before cryptocurrencies when there was no crime, ransoms or money laundering. Those were the days

Anti money laundering laws and policies were making a difference. It may not have been perfect but it WAS making a difference. Cryptocurrencies have completely bypassed and undermined those laws and policies and most of their early appeal was precisely for that. Those who trade in these unregulated and untraceable "currencies" remind me of the lad who likes a hit of cocaine but only at the weekend and insists he doesn't support the drug trade.

PokeHerKing · 14-05-2021 8:14am

DaSilva wrote: »

I know crypto isn't the cause of crime and unrelated to most crime, but don't you think ransomware attacks become far more expensive and risky for the attacker if cryptocurrencies were not an option for the attackers?

I've genuinely no idea. Id have to see some sort of stats on the subject. Have they increased with cryptos or just increased in line with our technological age?

whippet · 14-05-2021 8:19am

PokeHerKing wrote: »

I've genuinely no idea. Id have to see some sort of stats on the subject. Have they increased with cryptos or just increased in line with our technological age?

I'm in IT for over two decades and I have yet to come across a ransomware attack where the attackers asked for a wire transfer or bank notes

PokeHerKing · 14-05-2021 8:21am

touts wrote: »

Anti money laundering laws and policies were making a difference. It may not have been perfect but it WAS making a difference. Cryptocurrencies have completely bypassed and undermined those laws and policies and most of their early appeal was precisely for that. Those who trade in these unregulated and untraceable "currencies" remind me of the lad who likes a hit of cocaine but only at the weekend and insists he doesn't support the drug trade.

I mean Revolut probably aided in the exchange of money for drugs. So what? Most new technologies aid humans for good or bad depending on their use. Crypto is definitely traceable but whether its worth the current hassle for law enforcement is another matter.

Banks are still by a country mile the biggest facilitators of illegal money.

JDxtra · 14-05-2021 8:21am

Are we sure it's a targeted attack though? Maybe someone clicked on a link they shouldn't have?

harr · 14-05-2021 8:21am

The Israelis not happy with some of the flack they are getting from this country... maybe .. or is that more of a conspiracy thread post

PokeHerKing · 14-05-2021 8:24am

whippet wrote: »

I'm in IT for over two decades and I have yet to come across a ransomware attack where the attackers asked for a wire transfer or bank notes

So in the early 00s before crypto where there any ransomeware attacks?

hmmm · 14-05-2021 8:24am

The Government should get the Russian ambassador in and demand to know what they are doing to prevent these types of attack.

Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.

whippet · 14-05-2021 8:33am

PokeHerKing wrote: »

So in the early 00s before crypto where there any ransomeware attacks?

there was of course but few and far between ... but with the rise of crypto it has become prevalent - personally I know of about 20 companies in Ireland who have been hit in the last 6 months .. all to differing degrees of seriousness.

arctictree · 14-05-2021 8:36am

I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?

whippet · 14-05-2021 8:36am

hmmm wrote: »

The Government should get the Russian ambassador in and demand to know what they are doing to prevent these types of attack.

Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.

If you think the Russian ambassador would even entertain such a call your very wet behind the ears - think about what they Russians have done on UK soil in the likes of Salisbury to know they couldn't give a monkies what other governments think of them

hmmm wrote: »

Not all attackers are from Russia, but most are, and they are becoming impossible to stop. They only need to find one small weakness, and the defenders have a million things to try and secure. Anyone who claims ransomware is easy - "just backup", "install patches", "use a firewall" - hasn't a clue how difficult this is.

absolutely

whippet · 14-05-2021 8:39am

arctictree wrote: »

I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?

if you don't pay the hackers will just move on to the next target.

Depending on if or how badly their back-ups / DR was impacted will dictate the time and cost to the HSE to get back up and running.

this could be months and months .. but at this stage there is no knowing.

Sometimes it might make economical sense to pay the ransom - but even at that there will be a massive job of work to get everything back online - you have to assume that every data store, every file still has malicious code embedded.

Just restoring everything could mean that in a couple of weeks your back to square one

is_that_so · 14-05-2021 8:40am

arctictree wrote: »

I assume since this is all over the media that they can't pay the ransom now. So I wonder what the next steps are for the hackers?

Well they won't release the system for one. The HSE will then have to recover the system from backups, mostly paper by the sounds of things!

KildareP · 14-05-2021 8:42am

JDxtra wrote: »

Are we sure it's a targeted attack though? Maybe someone clicked on a link they shouldn't have?

My thoughts too. Usually these are purely opportunistic attacks except you only hear about then when it hits big organisations like the HSE, NHS, etc.

PokeHerKing · 14-05-2021 8:43am

whippet wrote: »

there was of course but few and far between ... but with the rise of crypto it has become prevalent - personally I know of about 20 companies in Ireland who have been hit in the last 6 months .. all to differing degrees of seriousness.

So for the ones before crypto how did they get paid?

We are online now more than ever, in 2007 before BTC there was also alot less companies to attack. The HSE and even some banks where still using paper and portals with no Internet connection. So is it crypto or is it just the new age?

Flinty997 · 14-05-2021 8:43am

PokeHerKing wrote: »

So in the early 00s before crypto where there any ransomeware attacks?

Wasn't much encryption back then either.

whippet · 14-05-2021 8:45am

PokeHerKing wrote: »

So for the ones before crypto how did they get paid?

We are online now more than ever, in 2007 before BTC there was also alot less companies to attack. The HSE and even some banks where still using paper and portals with no Internet connection. So is it crypto or is it just the new age?

one lad had a PO Box in Panama - send cash in the post and he would send you back the keys

leahyl · 14-05-2021 8:50am

.42. wrote: »

Are the HSE still using redundant OS like Windows XP?

I work in a University and have communcations with the HSE and some of them have extreme difficulty in even accessing microsoft Teams for meetings. Their IT infrastructure sounds very bad.

whippet · 14-05-2021 8:55am

leahyl wrote: »

I work in a University and have communcations with the HSE and some of them have extreme difficulty in even accessing microsoft Teams for meetings. Their IT infrastructure sounds very bad.

the first thing you do when you have a ransomware attack is take everything offline

lawred2 · 14-05-2021 8:59am

whippet wrote: »

the first thing you do when you have a ransomware attack is take everything offline

I doubt that poster meant just this morning

Hurrache · 14-05-2021 9:00am

Badly fukt wrote: »

Cash has anonymous ownership, I've no idea how much you have, you've no idea how much I have. If I gave you some nobody would know

You think such exchanges involve a meet up on foggy bridge in the rain to hand over a suitcase of cash?

leahyl · 14-05-2021 9:03am

lawred2 wrote: »

I doubt that poster meant just this morning

Exactly, I meant in general

PokeHerKing · 14-05-2021 9:06am

whippet wrote: »

one lad had a PO Box in Panama - send cash in the post and he would send you back the keys

So ways and means before crypto. As the saying goes correlation does not imply causation.

Meirleach · 14-05-2021 9:11am

Well this is horrific. Could easily lead to lives lost.

davo2001 · 14-05-2021 9:17am

The fact that the HSE has had to shutdown it's ENTIRE network shows what a poorly implemented network security system they have, they clearly didn't learn anything from 3 years ago.

The head of IT should be fired over this (but obviously he won't be).

Ransomware & HSE

Comments