Ireland says it has refused to pay hacker’s demands after the Irish healthcare system was hit by a $20m ransomware attack.
Ireland has shut down IT infrastructure for its network on Friday after the country’s health health system was hit by a ransomware attack, with hackers demanding $20 million to regain access to its network.
The disruption has meant that hospitals and treatment clinics have extremely limited access to the Irish health system’s IT infrastructure, with reports of doctors and nurses unable to access patient records, while resorting to handwritten notes.
The Irish National Health Service has said in a statement that “we have taken the precaution of shutting down our IT systems in order to protect them from this attack and to allow us to fully assess the situation with our own security partners.”
A report from Bleeping Computer claims to have screenshots of conversations between the ransomware operators and the Irish health system operator, the Health Service Executive.
In that conversation, the hackers claimed to have captured more than 700GB of data from the HSE, which includes sensitive information on patients, employees, payroll information, financial statements, employee contracts and more.
The hackers wrote that “as you already know, we infiltrated your network and stayed in it for more than 2 weeks (enough to study all your documentation), encrypted your file servers, [and] downloaded all important information.”
“The good news is that we are businessmen. We want to receive ransom for everything that needs to be kept secret, and we don’t want to ruin your business. The amount at which we are ready to meet you and keep everything as collateral is $19,990,00.”
Irish Healthcare System Hit By $20m Ransomware Attack
Ireland’s Prime Minister, Taoiseach Michael Martin has issued a public statement saying that after consulting law enforcement and cyber security experts, Ireland will not be paying the demands of the hackers.
“We’re dealing with this in accordance with the advice we’ve received from cyber security experts, and I think we’re very clear that we will not be paying any ransom, or engaging in any of that sort of stuff, so we’re very clear on that, so the work continues.”
The Irish Health System was targeted with a form of ransomware that is known to originate from Russia, known as the Conti ransomware operation. Organisations are often targeted with phishing campaigns through malicious emails, and if certain links are clicked, the hackers can gain access to a network and begin installing malware into the network.
Bleeping Computer writes that “using this remote access, the threat actors spread laterally through a network while stealing credentials and harvesting unencrypted data stored on workstations and servers.”
“Once the hackers have stolen everything of value and gained access to Windows domain credentials, they wait for a quiet time during the week and deploy the ransomware on the network to encrypt all of its devices. The Conti gang then uses the stolen data as leverage to force a victim into paying a ransom by threatening to release it on their ransom data leak site if they are not paid.”
This is the third story of cyber criminals targeting healthcare infrastructure with ransomware attacks in the space of two weeks, after we reported on a cyber attack launched against Australian and U.S. healthcare providers.
Hackers often target healthcare organisations due to the sensitive nature of the data they collect, and the severity of the aftermath and clean-up in the event of a wide scale attack targeting vital health infrastructure.