[HN Gopher] Report shows HSE (Irish Health Service) hacked by ma...
___________________________________________________________________
Report shows HSE (Irish Health Service) hacked by malicious Excel
file [pdf]
Author : paradaux
Score : 73 points
Date : 2021-12-12 14:38 UTC (8 hours ago)
(HTM) web link (www.hse.ie)
(TXT) w3m dump (www.hse.ie)
| paradaux wrote:
| This report was released 9 days ago, this hack was widely
| discussed on HN when it happened
| (https://news.ycombinator.com/item?id=27152402) and I thought the
| formal postmortem would be of interest!
| comex wrote:
| > On the same day, the Attacker posted a link to a key that would
| decrypt files encrypted by the Conti ransomware. [..] Without the
| decryption key, it is unknown whether systems could have been
| recovered fully [..] but it is highly likely that the recovery
| timeframe would have been considerably longer.
|
| Is the implication that they paid the ransom?
|
| The report seems to go out of its way to avoid stating _why_ the
| attacker posted the decryption key.
| raverbashing wrote:
| Maybe, but unlikely. I think it's more of an "ethics" issue
| (read: attackers don't want to get more heat than needed and
| also the HSE would have trouble paying for it)
| Xelbair wrote:
| Usually the ransom is paid by 3rd party.
|
| Government agency hires a contractor for data recovery, the
| rate is Ransom + flat rate. They just pay the ransom and
| recover the data.
| paradaux wrote:
| The ransom was not paid, to the best of my knowledge,
| indirectly via a contractor as you stated or directly.
|
| https://www.rte.ie/news/2021/0520/1222857-hse-weekly-
| briefin...
|
| This is the government-funded news media organisation, akin
| to the BBC here -- but I have sufficient trust that they
| didn't
| lrem wrote:
| I imagine the hacker was somewhat upset by the fact that the
| victim seems unlikely to be able to pay up and people are about
| to start dying soon. Having blood on your hands is not only a
| different matter ethically, but changes the likelihood of law
| enforcement actually doing something against you.
| paradaux wrote:
| The health minister at the time explicitly stated that they did
| not pay the ransom, directly or indirectly (e.g. via a third
| party) although realistically not easily verifiable.
|
| The discussion at the time was the perpetrators didn't expect
| to have the effect they did, effectively halting the entire
| health service for several weeks to months. I think the ethics
| element as the other commenter stated is a valid one, as one is
| playing with another's life when you interfere with medical
| operations, routine or otherwise
| donalhunt wrote:
| Another theory floating around was that the publicity was
| good PR for the attackers.
| coldcode wrote:
| As usual people ignore messages that basically told them what was
| happening. Reminds me of the Target hack where they installed
| some anti hacking system which immediately tossed out warnings
| which seemed excessive so they turned it off for a few months.
|
| But security is an expense and people don't like paying money.
|
| A financial company I worked for in the mid-2000s decided the only
| thing they needed to do was buy some encryption for the disks
| their databases ran on, which of course would do nothing to keep
| someone from just using SQL to extract all our customers' credit
| card data.
| murphy214 wrote:
| What is an acceptable signal-to-noise ratio for a security tool
| to be useful? Clearly some amount of false positives to any
| real threat ratio causes people to just ignore it completely.
| Cue me looking at my npm vulnerabilities when I install
| packages lol.
| rusk wrote:
| We're not talking about thermal noise here. Each and every
| signal has a determinate source. You need to go through each
| and every one, but doing this effectively often involves
| paying lots of money to "some nerds" (rather than your own
| in-house supplicants) and that's where this kind of thing
| usually falls down.
___________________________________________________________________
(page generated 2021-12-12 23:01 UTC)