CYBERATTACK THREAD .. Countries, Govs, Corporate etc

soccop

Pavlov rings my bell.
Staff member
Moderator
Member
Nov 28, 2018
8,961
8,641
Temporally dislocated.



Min for Health thinks it’s disgraceful that law firms are licking their lips at the prospect of suing the state over data breaches. In my experience this is the only way to get the Department of Health to do anything. Headless chicken panic will ensue.
 
Feb 26, 2019
151
147

Robutnua

Member
Nov 28, 2018
12,353
5,611
Just got an email from one of the HOST COMPANIES I use for client websites:

There are currently a number of ISP & Hosting Providers in Ireland being targeted with DDOS attacks on their networks.

Most Service Providers have been put on high alert that there could be widespread disruption to networks this Friday, 21st May 2021

Warnings have been issued by a group that DDOS attacks will be launched against all Irish ISPs, demanding bitcoin payments to prevent the attack.

So it really does look like WE ARE IT at the moment, the whole bloody country
 

Bonkers

Member
Feb 15, 2019
4,250
4,038
Just got an email from one of the HOST COMPANIES I use for client websites:

There are currently a number of ISP & Hosting Providers in Ireland being targeted with DDOS attacks on their networks.

Most Service Providers have been put on high alert that there could be widespread disruption to networks this Friday, 21st May 2021

Warnings have been issued by a group that DDOS attacks will be launched against all Irish ISPs, demanding bitcoin payments to prevent the attack.

So it really does look like WE ARE IT at the moment, the whole bloody country
Is there anything to stop these people attacking planes whilst in flight? If they attack the electricity network it would lead to total chaos.
 

publicrealm

Member
Nov 27, 2018
6,895
9,368
I wonder would it be possible for Governments to somehow freeze all bitcoin accounts - say for a week or two - and then give investors a month to cash out - prior to banning cryptocurrency?
 

CarlDoyle

Member
Feb 10, 2021
201
129
I wonder would it be possible for Governments to somehow freeze all bitcoin accounts - say for a week or two - and then give investors a month to cash out - prior to banning cryptocurrency?
Uh, how do you "cash out" in that case? Who do you sell to?

Do you mean only Irish residents are banned? In that case, it does nothing to help. If Bitcoin is only traded in other countries, it can still be used.
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
As I mentioned above .. tomorrow is a big day for our HOST COMPANIES. Remember last week Blacknight & their client sites / email were down or slow.

Why should this bother you? Well, websites down or slow across the country and possibly your email not working.

21st is pencilled in as DDOS attack day on all Irish host companies and continuing daily after that unless bitcoin is paid to stop these attacks by each host company. Looking like it will be a sustained attack, getting worse each day.
 

publicrealm

Member
Nov 27, 2018
6,895
9,368
Uh, how do you "cash out" in that case? Who do you sell to?

Do you mean only Irish residents are banned? In that case, it does nothing to help. If Bitcoin is only traded in other countries, it can still be used.
I really don't know how you cash out - and tbh I don't especially care - if the currency doesn't have some intrinsic value then it may have been unwise to invest in it?

Of course it may be impossible to close the stable door at this stage - I really know nothing about cryptocurrency.
 

Bonkers

Member
Feb 15, 2019
4,250
4,038
Uh, how do you "cash out" in that case? Who do you sell to?

Do you mean only Irish residents are banned? In that case, it does nothing to help. If Bitcoin is only traded in other countries, it can still be used.
The damned thing should be banned. If people lose money that’s tough. It’s used for all sorts of illegality with zero regulation.
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
The damned thing should be banned. If people lose money that’s tough. It’s used for all sorts of illegality with zero regulation.
And untraceable and anonymous .. Gardaí, Interpol etc cannot trace it. There is always a way of sorting things like this internationally, however THE WILL to do it is the thing
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
BREAKING - WELCOME NEWS ..


The ransomware group targeting the HSE has given the Irish authorities a decryption tool that it says will enable them to recover their IT systems and the files that hackers locked and encrypted.

However, the Russian-speaking cyber gang behind the attack is still threatening to share the information, including personal information relating to patients, on the darknet and to sell some of it to other criminals if the ransom is not paid.

.. cyber security professionals who spoke to The Irish Times on Thursday said the decryption tool offered by the ransom gang to the HSE appears to be genuine.


The same cyber security sources believed the gang may be acting out of concern that their attack on the HSE had become so large scale and was attracting so much attention they wanted to defuse the situation.

OR did the ransom get paid quietly, and the deal was that the hacker group say they gave the decryption keys for free?
 

seanof

Member
Nov 27, 2018
2,473
2,405
BREAKING - WELCOME NEWS ..


The ransomware group targeting the HSE has given the Irish authorities a decryption tool that it says will enable them to recover their IT systems and the files that hackers locked and encrypted.

However, the Russian-speaking cyber gang behind the attack is still threatening to share the information, including personal information relating to patients, on the darknet and to sell some of it to other criminals if the ransom is not paid.

.. cyber security professionals who spoke to The Irish Times on Thursday said the decryption tool offered by the ransom gang to the HSE appears to be genuine.


The same cyber security sources believed the gang may be acting out of concern that their attack on the HSE had become so large scale and was attracting so much attention they wanted to defuse the situation.
This isn't unbridled good news and the caveats are being discussed on Drivetime now. The unlocking key may contain further malware and this is being checked. Even if the key is genuine, irreparable damage may have been caused to files and rebuilding from backups may have to proceed. Apparently some US oil Co paid $4M in ransom recently, the unlocking key was provided but was not in itself sufficient to restore their systems.
 

Robutnua

Member
Nov 28, 2018
12,353
5,611

I was wondering WHAT was the point of that, then I read:

The main purpose of the orders, the court heard, is to put legitimate information service providers such as Google and Twitter on notice of a legal prohibition on the sharing and publication of the HSE information.
 

jmcc

Member
Nov 27, 2018
1,022
618
I wonder would it be possible for Governments to somehow freeze all bitcoin accounts - say for a week or two - and then give investors a month to cash out - prior to banning cryptocurrency?
Bitcoin was designed to reduce, if not eliminate, the power of governments to do such a thing. There is no such thing as a Bitcoin account as such.
 

midlander12

Member
Dec 4, 2018
3,089
2,108
BREAKING - WELCOME NEWS ..


The ransomware group targeting the HSE has given the Irish authorities a decryption tool that it says will enable them to recover their IT systems and the files that hackers locked and encrypted.

However, the Russian-speaking cyber gang behind the attack is still threatening to share the information, including personal information relating to patients, on the darknet and to sell some of it to other criminals if the ransom is not paid.

.. cyber security professionals who spoke to The Irish Times on Thursday said the decryption tool offered by the ransom gang to the HSE appears to be genuine.


The same cyber security sources believed the gang may be acting out of concern that their attack on the HSE had become so large scale and was attracting so much attention they wanted to defuse the situation.

OR did the ransom get paid quietly, and the deal was that the hacker group say they gave the decryption keys for free?
I doubt a ransom was paid. The precedent created would be the equivalent of a 'welcome aboard' from the Irish state to all future hackers. The gang may have bitten off more than they can chew with the HSE hack - it has brought them no end of largely unwanted attention, and in that context the decryption tool may be a device to reduce the heat. They can still torment the Irish authorities and members of the public with the information that they have and continue their attacks on smaller entities that are more likely to pay up quietly rather than go out of business.
 

snorlax

Member
Dec 11, 2019
1,969
1,907
This is an appalling outcome. The HSE cybersecurity and computer system is so poor that the hackers have been too successful and have brought the whole system to its knees. Our overpaid head of the HSE needs to be sacked immediately for overseeing this disaster and there needs to be an inquiry that holds successive FFFGGreen and labour governments to account for running the HSE investment into the ground. Of course none of this will happen and knobs will continue to vote for these awful parties.
 

Shaadi

Member
Feb 16, 2019
2,299
2,548
I doubt a ransom was paid. The precedent created would be the equivalent of a 'welcome aboard' from the Irish state to all future hackers. The gang may have bitten off more than they can chew with the HSE hack - it has brought them no end of largely unwanted attention, and in that context the decryption tool may be a device to reduce the heat. They can still torment the Irish authorities and members of the public with the information that they have and continue their attacks on smaller entities that are more likely to pay up quietly rather than go out of business.

We shall see how it progresses, I would posit the view that Ireland has basically been a friend of Russia for many years and if the Kremlin can influence or threaten the hackers to ease up on Ireland they may well have done so. Coveney was in touch with his Russian counterpart.
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
We shall see how it progresses, I would posit the view that Ireland has basically been a friend of Russia for many years and if the Kremlin can influence or threaten the hackers to ease up on Ireland they may well have done so. Coveney was in touch with his Russian counterpart.
Russian ambassador was on RTE Drivetime with Sarah Mc saying they’ve offered to find the hackers.


The Russian Ambassador to Ireland has described the cyber attack on the HSE as a hideous criminal attack and said that this kind of activity - Russian or otherwise - is illegal and its perpetrators should be brought to justice.

Speaking on RTÉ's Drivetime, Yuri Filatov said that they have offered their assistance to the Irish Government and have suggested that there be a joint effort to investigate the incident.

Asked whether the Irish Government has asked for Russia's assistance in this regard, Mr Filatov said the subject had been touched upon in a very recent conversation.

He also said that if they were talking about a Russian based criminal group they would be very interested in joining the investigation since they were hunting these people all along.
 

midlander12

Member
Dec 4, 2018
3,089
2,108
We shall see how it progresses, I would posit the view that Ireland has basically been a friend of Russia for many years and if the Kremlin can influence or threaten the hackers to ease up on Ireland they may well have done so. Coveney was in touch with his Russian counterpart.
Indeed, though one wonders what the Russians were promised in return? Why do you say Ireland has been a friend of Russia? I wasn't aware of any particular closeness, except maybe an absence of open criticism (which is basically something we don't do much of, anyway).
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
Indeed, though one wonders what the Russians were promised in return? Why do you say Ireland has been a friend of Russia? I wasn't aware of any particular closeness, except maybe an absence of open criticism (which is basically something we don't do much of, anyway).
@midlander12 See post just above yours that I just added ..
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
He didn't say much, did he, apart from the fatuous nonsense of wanting to hunt them down? But I do wonder if the attention this has brought on the Russian state, as well as the Conti crew themselves, was all a little too much?
That seems to be the case. And I notice Coveney involved. I heard he made some rather sharp points in some virtual meet last few days which involved Russia
 

midlander12

Member
Dec 4, 2018
3,089
2,108
That seems to be the case. And I notice Coveney involved. I heard he made some rather sharp points in some virtual meet last few days which involved Russia
Good man if he did. More than time someone said a little more than 'boo' to them.
 

T. Leaf

Member
Nov 28, 2018
2,015
1,525



Min for Health thinks it’s disgraceful that law firms are licking their lips at the prospect of suing the state over data breaches. In my experience this is the only way to get the Department of Health to do anything. Headless chicken panic will ensue.
Ambulance chasers.
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
That's ALL it takes, I think I did mention this as most likely source. So a dodgy link or attachment in an email type thing


THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.

A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer.

“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said.

Read the rest of the article; with all my years in IT, it is no surprise to me whatsoever
 

midlander12

Member
Dec 4, 2018
3,089
2,108
That's ALL it takes, I think I did mention this as most likely source. So a dodgy link or attachment in an email type thing


THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.

A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer.

“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said.

Read the rest of the article; with all my years in IT, it is no surprise to me whatsoever
Actually it sounds a little strange to me. In any public sector organisation I've worked in, if you have a problem with your work PC or laptop, you ring or email your IT Dept. You wouldn't click on an unsolicited email offering you help - unless it purported to come from your own IT maybe, and even then it strikes me as a little odd?
 

ruserious

Member
Dec 4, 2018
5,138
4,881
Actually it sounds a little strange to me. In any public sector organisation I've worked in, if you have a problem with your work PC or laptop, you ring or email your IT Dept. You wouldn't click on an unsolicited email offering you help - unless it purported to come from your own IT maybe, and even then it strikes me as a little odd?
There’s always the office idiot that will click on that link.
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
With respect to the 700GB download. Seems a lot in a short time BUT the article isn't clear as to the time from access to the point where contact was made to staff member.

And the download itself .. the article says

"However, it is believed that rather than being a single group of criminals, it was instead carried out by dozens of people spread across multiple locations."

So it sounds like it might have been a torrent type download scenario where the download happened in parallel and/or from different locations at the same time adding up to 700GB
 

seanof

Member
Nov 27, 2018
2,473
2,405
Read the article carefully. https://www.thejournal.ie/hse-cyber-attack-ransonware-started-5443370-May2021/.

According to that article, there is nothing to indicate the employee clicked on a link in an email. It appears the system had already been compromised when the employee responded to a message that appeared to originate from within the network. The 700 GB of data had already been downloaded over time. The decryption key was provided at the same time as the ransom was demanded, with the threat that they would sell the data if it was not paid.

Maybe the article is inaccurate but don't read into it what isn't there.

Here it is in full in case it's edited:

HSE cyber attack began on a single computer when an employee clicked on a link

Niall O'Connor



THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.
A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer.
“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said.
What followed was a lengthy exchange in which the hackers told the employee that they had accessed 700 gigabytes of data of patients’ home addresses and other personal details through their computer.
The employee was told that a ransom of close to €15 million would be needed, the source said.
“The hackers gave the person they were corresponding with examples of the type of file they had downloaded and then threatened that they would start selling patient data on at the start of the week if there was no ransom paid,” the source explained.
It is understood the communication was in English, and the hackers provided a decryption key, saying that they would sell the data if the ransom wasn’t paid.
”The message was in very calm, non-threatening language. It was very transactional,” the source added.
The downloading of huge amounts of data by the criminal organisation had already taken place before it was discovered late last week.
Reports in recent days have claimed that a gang in Russia, known as Spider Wizard, are responsible for the hack.
However, it is believed that rather than being a single group of criminals, it was instead carried out by dozens of people spread across multiple locations.
Sources have told The Journal that the messages received did not identify the group as Spider Wizard.
When contacted by The Journal tonight, a HSE spokesperson refused to comment as it “was an active investigation”.

An earlier statement released by the HSE confirmed that an encryption key has been made available.
“The HSE is aware that an encryption key has been provided. However further investigations have to be conducted to assess if it will work safely, prior to attempting to use it on HSE systems,” it said.
The HSE this evening secured a High Court injunction to stop the illegal use of any data that may have been stolen during the ransomware attack.
 

Shaadi

Member
Feb 16, 2019
2,299
2,548
Indeed, though one wonders what the Russians were promised in return? Why do you say Ireland has been a friend of Russia? I wasn't aware of any particular closeness, except maybe an absence of open criticism (which is basically something we don't do much of, anyway).
Friend may have been a strong word, but we haven't had a negative relationship with Russia. Through the Cold War years Russian planes were welcomed at Shannon and I seem to remember that that level of subtle neutrality and non-hostility has run through Russian-Irish relationships (apart from the Skibbereen Eagle).
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
Friend may have been a strong word, but we haven't had a negative relationship with Russia. Through the Cold War years Russian planes were welcomed at Shannon and I seem to remember that that level of subtle neutrality and non-hostility has run through Russian-Irish relationships (apart from the Skibbereen Eagle).
And I would think memories at a human level might remember Chernobyl Children and Irish response through Adi Roche etc. Maybe that is worth something
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
That will put the Russians back in their box.
They won't want to tangle with Ireland.
It's not that glib, not about Ireland necessarily. This is in a way about Russia's reputation. This hack group are in Russia. Apparently a big biz in the St Petersburg burbs.

You can be damned sure Russian authorities know who they are and may use them now and then.

The lads have overstepped the mark here
 
Feb 26, 2019
151
147
It's not that glib, not about Ireland necessarily. This is in a way about Russia's reputation. This hack group are in Russia. Apparently a big biz in the St Petersburg burbs.

You can be damned sure Russian authorities know who they are and may use them now and then.

The lads have overstepped the mark here
You could say they were "put-in" their place.
 

Robutnua

Member
Nov 28, 2018
12,353
5,611
You could say they were "put-in" their place.
Yip .. most likely.

Most ransomware attacks are left under the radar and the perps like it that way. Not drawing attention.

In most cases to small, medium businesses the attack happens and the vast majority of biz pays up BUT keeps it quiet for reputation purposes, even in some cases get their IT company to sign NDAs. That's why you don't hear much about it here, but believe you me it's happening to a lot of companies here
 