
Irish healthcare shuts down IT systems after Conti ransomware attack



Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack.

HSE Chief Executive Paul Reid told NewstalkFM that it is a “Conti human-operated ransomware attack that seeks to get access to data.”

This ransomware gang also hit the Scottish Environment Protection Agency (SEPA) on Christmas Eve, later publishing roughly 1.2 GB of stolen data on their dark web leak site.

Conti ransomware was first spotted in isolated attacks at the end of December 2019. It shares code with the notorious Ryuk ransomware, whose TrickBot-powered distribution channels it took over after Ryuk activity dwindled in July 2020.

Conti operators are known for breaching enterprise networks and spreading laterally until gaining access to domain admin credentials, which allow them to deploy the ransomware payloads filelessly, using reflective DLL injection techniques.

Conti operates as a private Ransomware-as-a-Service (RaaS) that recruits hackers to deploy the ransomware in exchange for large shares of any paid ransom.

A sample of the ransomware used in the HSE attack and shared with BleepingComputer appends the .FEEDC extension to encrypted files.

Conti HSE ransom note

All HSE IT systems shut down

“There is a significant ransomware attack on the HSE IT systems,” the Irish national health service said.

“This has caused some disruption to our services. But most healthcare appointments will go ahead as planned.

“We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.”

HSE Ireland also added that the country’s National Ambulance Service and emergency departments (EDs) operate normally, with no direct impact from the ransomware attack on ambulance dispatch and call handling.

Even though most hospital appointments are not affected, some hospitals are experiencing service disruptions, including the Rotunda Maternity Hospital and the Cork University Hospital, where some appointments have been canceled (more information here).

While COVID-19 vaccine appointments are not impacted and scheduled COVID-19 tests are going ahead as planned, the HSE will be unable to refer people for COVID-19 tests until systems are brought back online.

No information on the ransom demanded by Conti

Reid also told RTÉ earlier today that the threat actors behind this “very sophisticated attack” have not yet made a ransom demand.

He added that HSE’s security teams are currently investigating the incident to fully understand its effects.

“We apologize for inconvenience caused to patients and to the public and will give further information as it becomes available,” the HSE said.

In March, US hospital and healthcare services provider Universal Health Services (UHS) said that a Ryuk ransomware attack suffered in September 2020 had an estimated impact of $67 million.

The US government also warned the healthcare industry in October 2020 that a hacking group is targeting hospitals and healthcare providers in Ryuk ransomware attacks.

The ransomware attack on Ireland’s HSE comes one week after Colonial Pipeline, the largest US fuel pipeline, shut down operations after the DarkSide ransomware gang breached its network.
