Conti Ransomware Syndicate Behind Attacks on Irish Medical Services

The catastrophic ransomware attack on the Irish Health Service Executive (HSE) was reportedly the work of the Conti ransomware gang, also known as Wizard Spider.

The Irish National Cyber Security Center (NCSC), which is leading triage and investigation, said that it has activated its incident response procedures and is providing the HSE with ongoing support. Suspicious activity was also detected on the Department of Health (DoH) network, but the attack was thwarted before the ransomware was deployed. The attempted attack is believed to be part of the same campaign.

“Because the hospital is implementing a business continuity plan, it has a serious impact on medical operations and some non-emergency procedures have been postponed,” the NCSC said in a statement.

Details of the incident started to become clear over the weekend of May 15 and 16, 2021, as hospitals across the country reported major disruption to patient services after news of the first attack broke on the morning of Friday, May 14. A complete breakdown of the current disruption can be found here. Note that the Irish Covid-19 vaccination program is proceeding normally.

A purported screenshot of the ransom note received by the HSE, published by Bleeping Computer, suggests that the Conti crime gang (which turned over the British retailer Fat Face earlier this year) accessed the HSE network at the end of April.

According to the note, the gang encrypted file and SQL servers and downloaded over 700 GB of personally identifiable information (PII), including addresses and phone numbers of patients, doctors and nurses, salary information, employment contracts and more. The gang is reportedly demanding a ransom of $19,999,000.

Conti ransomware first appeared about 12 months ago and shares similarities with other ransomware families that are widely used against healthcare organizations, such as Ryuk. In fact, Cybereason’s research reveals a clear link between Ryuk and Conti, with Wizard Spider enthusiastically switching from Ryuk to Conti as its ransomware of choice.

As is now almost standard practice, the gang uses double extortion tactics, naming and shaming victims and leaking their data on the dark web if they don’t play ball.

Peter Mackenzie, manager of the Sophos Rapid Response team, said: “Sophos Rapid Response has been involved in 10 Conti ransomware incidents so far, and research shows that Conti ransomware has been developing rapidly in the last 12 months.

“Conti is a human-led, ‘hands-on-keyboard’ ransomware that encrypts data and spreads quickly across the target system. It is also known as ‘double blackmail’ ransomware, which steals information and threatens to disclose it as well as encrypting it. The Conti News site has published data stolen from at least 180 victims so far.

“Unfortunately, the reliability of services and care can be a life-threatening issue, so the healthcare sector is a major target for adversaries. This sector also holds a huge amount of personal and sensitive information,” says Mackenzie.

According to the latest Sophos State of Ransomware report, 34% of medical institutions have experienced some form of ransomware attack since the start of the Covid-19 pandemic, and one-third of them paid the ransom. Of those who were not attacked, 41% were resigned to it being “a matter of time” and 55% believed that ransomware attacks were too sophisticated to stop.

“Healthcare-targeted enemies know that victims want to prioritize patient privacy and care, so they expect to pay a lot and they’re hitting a pain point,” Mackenzie said.
