Following on from the cyber attack on the US pipeline, overnight there was a significant and serious attack on the HSE in Ireland ( Ireland’s NHS ) which has caused a shutdown of most non urgent healthcare in the country today

It’s being described as a ransom attack

We hear that a ransom was paid in the US attack, is this going to be the new “thing”

Is it state sponsored or criminal ?

Surely an attack on a country’s infrastructure should be classed as an act of terrorism or at the least a hostile act ?

Should ransom’s be paid ?

https://www.rte.ie/news/health/2021/0514/1221519-h...

https://www.rte.ie/news/health/2021/0514/1221537-h...

The reality of it is that these hackers are based out of Russia and other 'untouchable' countries.

The powers that be are interested, but this ^^^ prevents them from taking any action.

Sounds like a cheap punishment for not patching antique Exchange systems

Criminal and state sponsored are oft interchangeable in some areas.

Easier said than done for all but the simplest organisations and IT estates. That approach might protect you from script kiddies and opportunist attacks, but if an organised team want to access your networks they likely will.

Few businesses want to invest in properly architecting and securing their IT estate because it's really, really expensive, reduces agility and is difficult to do properly.

I reckon the way this sort of attack works is the culprits scan the whole Internet looking for vulnerable servers - i.e. they don't think "Ooh, let's attack this company."

So, in effect, the victims self-select by failing to keep their software updated.

Brian Krebs has an interesting article if you want to know more about the attackers and some of the negotiations that take place post-attack:

https://krebsonsecurity.com/2021/05/a-closer-look-...

The Irish Health service has been hit by another attack with reports of the attackers demanding $20m dollars to cease

Messages and links to the dark web have apparently been left on the computer systems

700GB of “unencrypted” files, including patient and employee information, are also alleged to have been stolen.

The HSE have confirmed a ransom demand but are saying the matter is now in the hands of the cyber crime unit and Interpol

The first part certainly is - however, the effective backup structure is bang on. I've worked for enterprise backup vendors for over 20 years and it is terrifying how laissez-faire organisations are about backup.

I have seen large insurance and legal companies solely using storage snapshots for protection and recovery. I have spoken to public sector organisations who have suffered devastating attacks, talked to vendors about how to prevent future attacks and carried on regardless.

There has been a long held policy in the majority of IT departments to starve backup of resources. Chickens are coming home to roost.



On the flip side, the company I work for has a customer who suffered a bad attack - recovered their backups successfully over a weekend. When they suffered a second attack, they refused to pay the ransom. So the ransomware gang informed them they were going after the backups. They were so assured by their first experience they told the ransomware gang to go for it. I believe their frontline security is now stronger, but they're still confident of recovery if they go down again.

We've a twenty year old device doing some stuff, it's abhorrent.

I bet the CEO wouldn't be seen dead in anything that old except a hooker.