On Friday the 14th of May, the news broke to the media that the HSE had fallen victim to an extremely sophisticated ransomware attack. The attack has since been called the most serious cybercrime in the history of the state. According to HSE chief executive Paul Reid, the cyberattack on IT systems in the health service will cost it at least €100 million. This is at the lower end of estimates of the total cost and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients.
What is a ransomware attack?
Ransomware is a type of malware that encrypts data or blocks access to services until a ransom – typically untraceable – is paid. A ransomware attack is the use of that malware against an organisation's systems.
What kind of attack was it?
The attack has been identified as a Conti ransomware attack. Conti is a highly targeted, human-operated “double extortion” ransomware: the attackers steal information and encrypt it, then threaten to publish the stolen information online.
How was the attack identified?
The attack was focused on accessing data stored on the central server. Servers can become compromised in various ways, including weak passwords, phishing emails, DDoS (Distributed Denial of Service) or weak Wi-Fi servers. The attack was identified in the early hours of Friday morning, the 14th of May 2021. Reports claim that a number of DDoS attacks were made on parts of the HSE IT system on Thursday, which were regarded as routine at the time. However, there is now speculation that they were forerunners of the bigger attack, and that those behind it were “knocking on the door”.
What does the attack look like?
Imagine the scene: you’re an IT admin and you turn up for work on a Friday morning to find your IT systems are down and no one can access or run anything. On your computer screen, there is a message telling you that your systems and data have been encrypted with Conti ransomware and you need to pay a ransom for the attackers to decrypt compromised files and delete stolen information.
[Image: example of a Conti scam message]
What businesses can do
There are some proactive steps you can take to enhance your IT security for the future, including:
- Monitor your network security 24/7 and be aware of the three early indicators to stop ransomware attacks before they launch
- Enforce the use of Two-Factor Authentication (2FA) on all important online accounts
- Educate employees on what to look out for in terms of phishing emails and monitor stolen credentials (staff logins and passwords) belonging to the business domain on the Dark Web
- Keep regular backups of your most important and current data on an offline storage device. The standard recommendation for backups is to follow the 3-2-1 method: 3 copies of the data, using 2 different systems, 1 of which is offline
- Prevent attackers from getting access to and disabling your security: choose an advanced solution with a cloud-hosted IT infrastructure with Role-Based Administration to limit access rights
- Remember, there is no single silver bullet for protection, and a layered, defence-in-depth security model is essential – extend it to all endpoints and servers and ensure they can share security-related data
- Have an effective incident response plan in place and update it as needed.
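The 3-2-1 backup recommendation in the list above can be checked automatically against a backup inventory. The following is an added example, not part of the original article: the inventory rows, dataset and system names, the choice to count the production copy as one of the three, and the 7-day freshness limit for the offline copy are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory (hypothetical names): one row per stored copy.
# Assumption: the production copy counts as one of the three copies.
INVENTORY = [
    {"dataset": "patient-db", "system": "prod-san",   "offline": False, "taken": "2021-05-13T23:00"},
    {"dataset": "patient-db", "system": "backup-nas", "offline": False, "taken": "2021-05-13T01:00"},
    {"dataset": "patient-db", "system": "lto-tape",   "offline": True,  "taken": "2021-05-12T01:00"},
    {"dataset": "finance",    "system": "prod-san",   "offline": False, "taken": "2021-05-13T23:00"},
    {"dataset": "finance",    "system": "prod-san",   "offline": False, "taken": "2021-05-13T02:00"},
    {"dataset": "hr-files",   "system": "prod-san",   "offline": False, "taken": "2021-05-13T23:00"},
    {"dataset": "hr-files",   "system": "backup-nas", "offline": False, "taken": "2021-05-13T01:00"},
    {"dataset": "hr-files",   "system": "lto-tape",   "offline": True,  "taken": "2021-03-01T01:00"},
]

def audit_321(inventory, now, max_offline_age=timedelta(days=7)):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for row in inventory:
        by_dataset[row["dataset"]].append(row)
    report = {}
    for name, copies in sorted(by_dataset.items()):
        findings = []
        if len(copies) < 3:                      # "3 copies of the data"
            findings.append(f"only {len(copies)} copies, need 3")
        systems = {c["system"] for c in copies}  # "2 different systems"
        if len(systems) < 2:
            findings.append(f"only {len(systems)} system(s), need 2")
        offline = [c for c in copies if c["offline"]]  # "1 of which is offline"
        if not offline:
            findings.append("no offline copy")
        else:
            # "Current data": the offline copy is the one ransomware cannot
            # reach, so its age is the real recovery point (assumed limit).
            newest = max(datetime.fromisoformat(c["taken"]) for c in offline)
            if now - newest > max_offline_age:
                findings.append(f"newest offline copy is {(now - newest).days} days old")
        report[name] = findings
    return report

if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY, datetime(2021, 5, 14, 6, 0)).items():
        print(dataset, "OK" if not findings else "FAIL: " + "; ".join(findings))
```

Two copies on the same system fail the check even if the copy count is raised, and a dataset with an offline copy still fails if that copy is too old to be a useful recovery point.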
Get in touch
If you are concerned about your IT security then contact your Radius Account Manager, email firstname.lastname@example.org or call us on 0818592500.