Ireland's health service, the HSE, says it is refusing to pay a $20 million ransom demand to the Conti ransomware gang after the hackers encrypted computer systems and disrupted health care in the country.
Ireland's Health Service Executive (HSE), the country's publicly funded healthcare system, shut down all of its IT systems on Friday after suffering a Conti ransomware attack.
"We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us to fully assess the situation with our own security partners," the Irish national health service said.
This IT outage has caused widespread disruption to the country's healthcare, limiting access to diagnostics and medical records, causing transcription errors due to handwritten notes, and slowing response times for healthcare visits.
Hackers demand a $20 million ransom
Yesterday, a cybersecurity researcher shared with BleepingComputer a screenshot of a chat between Conti and Ireland's HSE.
In the screenshot, the Conti gang claims to have had access to the HSE network for two weeks. During this time, they claim to have stolen 700 GB of unencrypted files from the HSE, including patient and employee information, contracts, financial statements, payroll, and more.
Conti further stated that they would provide a decryptor and delete the stolen data if a ransom of $19,999,000 is paid to the threat actors.
BleepingComputer was also told that the threat actors shared a sample of stolen documents in the chat. However, BleepingComputer did not receive these documents and cannot confirm whether they contain legitimate data belonging to the HSE.
In a press statement yesterday, Taoiseach Micheál Martin, the Prime Minister of Ireland, said that they would not be paying any ransom.
'We're very clear we will not be paying any ransom or engaging in any of that sort of stuff' Taoiseach @MichealMartinTD says of the ransomware attack on the HSE | Live blog: https://t.co/itscpwqdS7 pic.twitter.com/Pl4A4JNOST
— RTÉ News (@rtenews) May 14, 2021
The Conti gang uses phishing attacks to install the TrickBot and BazarLoader trojans, which give the attackers remote access to the infected machines.
Using this remote access, the threat actors spread laterally through a network while stealing credentials and harvesting unencrypted data stored on workstations and servers.
Once the hackers have stolen everything of value and gained access to Windows domain credentials, they wait for a quiet time during the week and deploy the ransomware on the network to encrypt all of its devices.
The Conti gang then uses the stolen data as leverage to force a victim into paying a ransom, threatening to publish it on their ransomware data leak site if they are not paid.
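Two of the stages described above leave patterns a defender can look for before the ransom note appears: an account fanning out to many hosts in a short window (lateral movement with stolen credentials) and a host renaming many files to one new extension in a burst (the encryption stage). The following is an added example, not code from the article, the HSE, or Conti: it runs two simple sliding-window detectors over constructed log lines. The log format, host and account names, the ".encrypted" placeholder extension and the thresholds are all assumptions for illustration, not real indicators from this incident.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a made-up "<ISO time> <EVENT> key=value ..." format.
# type=3 stands for a Windows-style network logon. svc_backup fans out to six
# hosts in under three minutes; jdoe touches two and must not alert.
SAMPLE_LOGON_LINES = [
    "2021-05-09T02:01:10 LOGON user=svc_backup src=WS-17 dst=FS-01 type=3",
    "2021-05-09T02:01:42 LOGON user=svc_backup src=WS-17 dst=FS-02 type=3",
    "2021-05-09T02:02:05 LOGON user=svc_backup src=WS-17 dst=DC-01 type=3",
    "2021-05-09T02:02:30 LOGON user=svc_backup src=WS-17 dst=APP-04 type=3",
    "2021-05-09T02:03:11 LOGON user=svc_backup src=WS-17 dst=SQL-02 type=3",
    "2021-05-09T02:03:40 LOGON user=svc_backup src=WS-17 dst=FS-03 type=3",
    "2021-05-09T08:15:00 LOGON user=jdoe src=WS-03 dst=FS-01 type=3",
    "2021-05-09T08:16:12 LOGON user=jdoe src=WS-03 dst=MAIL-01 type=3",
    "2021-05-09T08:20:00 LOGON user=jdoe src=WS-03 dst=WS-03 type=2",
]


def constructed_rename_lines():
    """Constructed RENAME events: 25 files on FS-01 get the same new extension
    within ~100 s (".encrypted" is a placeholder, not a real ransomware
    marker); three routine .bak renames on WS-03 stay below the threshold."""
    base = datetime(2021, 5, 14, 3, 10, 0)
    lines = [f"{(base + timedelta(seconds=4 * i)).isoformat()} RENAME "
             f"host=FS-01 path=share/doc{i}.docx new_ext=.encrypted"
             for i in range(25)]
    lines += [f"{(base + timedelta(minutes=i)).isoformat()} RENAME "
              f"host=WS-03 path=tmp/f{i}.txt new_ext=.bak" for i in range(3)]
    return lines


def parse_line(line):
    """Parse one toy-format line into a dict (values never contain spaces)."""
    ts, event, *kvs = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "event": event}
    for kv in kvs:
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def _max_distinct_in_window(events, window, key):
    """Largest number of distinct `key` values inside any span of length
    `window`, over events already sorted by time. Two-pointer sweep, O(n)."""
    best, counts, j = 0, defaultdict(int), 0
    for left in events:
        while j < len(events) and events[j]["ts"] - left["ts"] <= window:
            counts[events[j][key]] += 1      # pull the right edge forward
            j += 1
        best = max(best, len(counts))
        counts[left[key]] -= 1               # drop the left edge
        if counts[left[key]] == 0:
            del counts[left[key]]
    return best


def detect_lateral_movement(lines, window=timedelta(minutes=10), min_hosts=5):
    """Alert on a (user, source host) pair that opens network logons to at
    least `min_hosts` distinct destinations within `window`: the fan-out of
    an intruder working through a network with stolen credentials."""
    groups = defaultdict(list)
    for rec in map(parse_line, lines):
        if rec["event"] == "LOGON" and rec.get("type") == "3":
            groups[(rec["user"], rec["src"])].append(rec)
    alerts = []
    for (user, src), evs in groups.items():
        evs.sort(key=lambda r: r["ts"])
        hosts = _max_distinct_in_window(evs, window, "dst")
        if hosts >= min_hosts:
            alerts.append({"user": user, "src": src, "hosts": hosts})
    return alerts


def detect_encryption_burst(lines, window=timedelta(minutes=5), min_files=20):
    """Alert on a host renaming at least `min_files` distinct files to the
    same new extension within `window`: the final encryption stage.
    Thresholds are assumptions and need tuning per environment."""
    groups = defaultdict(list)
    for rec in map(parse_line, lines):
        if rec["event"] == "RENAME":
            groups[(rec["host"], rec["new_ext"])].append(rec)
    alerts = []
    for (host, ext), evs in groups.items():
        evs.sort(key=lambda r: r["ts"])
        files = _max_distinct_in_window(evs, window, "path")
        if files >= min_files:
            alerts.append({"host": host, "ext": ext, "files": files})
    return alerts


if __name__ == "__main__":
    print(detect_lateral_movement(SAMPLE_LOGON_LINES))
    print(detect_encryption_burst(constructed_rename_lines()))
```

The point of the two detectors is timing: the logon fan-out fires during the weeks an intruder spends moving through the network, when a response can still prevent encryption, while the rename burst fires at the very start of the encryption stage, when isolating the host limits the damage. Real deployments would read Windows Security logon events and file-server audit or EDR telemetry instead of this toy format, and the thresholds must be set against each environment's baseline so that backup jobs and administrators do not trip them.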
Other high-profile ransomware attacks carried out by Conti in the past include those on FreePBX developer Sangoma, IoT chip maker Advantech, Broward County Public Schools (BCPS), and the Scottish Environment Protection Agency (SEPA).