Ransomware ravages Ireland's health service - experts comment
A ransomware attack on Ireland’s Health Service Executive (HSE) over the weekend has left the country scrambling and systems shut down, with Ireland’s National Cyber Security Centre pointing to the ‘Conti’ ransomware variant. Here’s what cybersecurity experts have to say about the attack.
ThycoticCentrify chief security scientist Joseph Carson:
“It is clear that cybercrime groups are not above targeting the healthcare sector or critical infrastructure with ransomware, making them no longer just digital thieves but now digital terrorists. When your motive is financial that is one thing, but when you put people’s lives at risks it is a serious impact to society.
"Cybercrime groups have to realise that targeting healthcare or critical infrastructure during a global pandemic will result in unnecessary deaths. If you do become a victim of Ransomware, you typically only have a few choices and one of them is to decide on whether to pull the plug on the systems and network which appears to have been the decision on recent ransomware victims.”
ESET cybersecurity specialist Jake Moore:
“Nearly four years to the day since WannaCry hit the NHS and another national health service is struck by ransomware. Astonishingly, this continues to happen with simple protection measures being overlooked. Multiple organisations from various sectors are constantly being attacked and lessons are clearly not being learnt.”
F-Secure director of detection and response Matt Lawrence:
“We hope that Ireland’s health service can recover as quickly as possible to minimise the damage and risk to life. Since 2019, the healthcare sector has seen a shift from breaches caused by Internal actors to primarily External actors. Healthcare now matches the trend seen in other sectors and reflects how, in recent years, human-operated ransomware has become a prevalent and an impactful threat to organisations worldwide.”
Proofpoint director, public sector UK & Ireland Peter Carthew:
“From an attacker’s perspective, healthcare organisations are high-value targets for ransomware attacks as they would have the highest motivation to pay up to restore systems quickly. Given the nature of the industry, healthcare personnel are often severely time-constrained, leading them to click, download, and rapidly handle email, while possibly falling victim to carefully crafted social engineering-based email attacks.
"Potentially vulnerable life-saving equipment and highly publicised ransom payments further increase the attractiveness of this sector for attackers distributing ransomware.”
MTI head of cybersecurity Mark Harrison:
“Rather than a lucky strike, this attack will have been planned extensively and the attackers will likely have been inside, profiling the network for some time; usually around 3 months. In these scenarios, threat actors will rarely launch the attack before they have sufficient understanding of the network, defences, data locations and backup stores to ensure they put the victim in a position where they have to pay.
“The key question the HSE will be looking to answer now is: can we recover our data? This will come down to the security of their backups and whether they have either offline or immutable copies. Human-operated ransomware will nearly always target backups first, before moving through the network to encrypt a broader range of files and servers. If this is the case here, HSE may find itself operating in the worst-case scenario."
Bitglass CTO Anurag Kahol:
“To prevent future ransomware attacks and safeguard highly sensitive information, organisations must have full visibility and control over their data. This can be accomplished by leveraging multi-faceted solutions that defend against malware on any endpoint, enforce real-time access control, detect misconfigurations, encrypt sensitive data at rest, and prevent data leakage.
"What’s more, healthcare organisations need to ensure adequate employee training to protect from ransomware. Employees must be able to identify phishing attempts and illegitimate emails, which is the primary vector for ransomware attacks.”
ExtraHop senior security engineer Jamie Moles:
"Irish health service funding this year has soared to 22 billion Euros - largely due to the pandemic - but this will mostly be spent on triaging patients not triaging IT Security problems. However, ransomware attacks can be fatal for patients too. Only a few months ago, the first death associated with ransomware occurred in Germany, as an ambulance was redirected to another hospital which delayed the patient's treatment by an hour. The patient sadly died shortly after.”
Barracuda Networks consulting solutions engineer Charlie Smith:
“Combatting this threat demands all healthcare services and other high target organisations to invest in a third party cloud-enabled data backup solution so that stolen data can instantly be retrieved, and thus a breach of data does not necessarily equate to disrupted systems or a demand for ransom.
“These healthcare organisations can not afford to allow these cyber attackers to affect them during this crucial period in our battle against COVID-19, but they can afford to invest in the right security provisions to ensure it doesn’t happen again.”
Nominet government cybersecurity expert Steve Forbes:
“It is an increasingly alarming pattern of criminal behaviour and one that demonstrates the absolute necessity for governments and the cybersecurity community to collaborate to protect our most critical national infrastructure and disrupt global ransomware activity.
"This will require coordination between governments, the private sector and CNI organisations to create a proactive approach to ransomware that removes the option of paying the ransom, which only serves to encourage and fund criminal organisations."