HSE will not pay ransom after hackers name their price
Chief executive confirms FBI, National Crime Agency, Europol have joined effort to trace Wizard Spider group
17 May 2021 | 0
The chief executive of the HSE, Paul Reid, has confirmed the organisation will not be paying to have its data released by an Eastern European-based hacker collective.
According to a report on the website BleepingComputer.com the group known as Wizard Spider has asked for $19,999,000 for 700GB of data including employee and patient names, address, phone numbers collected over a two-week period.
Speaking on Morning Ireland, Reid said the ransom would not be paid and confirmed the recovery effort was now being handled by “national security teams”. He also said the National Centre for Cyber Security was being joined by from the FBI, UK’s National Crime Agency and Europol to track down the group.
Reid also revealed the attack on the HSE’s IT systems would cost “tens of millions” to fix and described it as a “serious criminal act”.
Wizard Spider has a history of performing for-profit ransomware attacks that has netted it millions of euro since its formation in 2008. It has been reported that the group left an invitation for the Department to join it on a website in the Dark Web to discuss terms for the release of data that had been inaccessible since Friday’s attack.
It has also been revealed that the Department of Health suffered a similar attack last Thursday but it had been largely unsuccessful.
According to a report released last year by Check Point, healthcare organisations around the world are proving increasingly popular with cybercriminals. In the period November-December 2020 there was a 45% increase in such attacks to 626 per week – more than double the percentage rise compared to all industry sectors worldwide at 430 per week. The report speculates that the need to have rapid access to patient data during the Covid-19 pandemic makes targets more likely to pay a ransom and move on than put together a measured response.
Check Point noted the broad swathe of vectors through which ransomware – such as the Conti variant used in the HSE attack – is infecting networks, from opening links that release Trojans such as TrickBot and Dridex to using personal devices that may have been infected at home or other less secure location.
The attack has shone a light on the resources allocated to the National Cyber Security Centre, which employs 24 staff, has a budget of €5 million but no office. It has been operating without a director for a year, though the post has been advertised with a salary of €87,000.
Speaking on Today with Claire Byrne, Minister for eGovernment Ossian Smyth confirmed that no data had been lost as the Executive’s backup servers were unaffected. He also confirmed that no records with clinical data had been compromised and that major hospitals such as the Mater, St Vincent’s and St James’s have been unaffected as they operate their own systems.
Correction: HSE chief executive Paul Reid was initially identified as Paul Dwyer. TechCentral.ie apologises for any confusion.