| 16.5°C Dublin

ransomware hack 'Organised' criminals behind HSE cyberattack are 'on par' with Kinahan mob - expert warns

"And the HSE is not the first health system to be victimised."


Hackers seek millions of dollars in ransomware attacks

Hackers seek millions of dollars in ransomware attacks

Brian Honan.

Brian Honan.


Hackers seek millions of dollars in ransomware attacks

One of Ireland's leading cyber security experts has warned that the criminals behind the ransomware attack on the HSE are every bit as organised and hardened as the Kinahan OCG.

Brian Honan, CEO of BH Consulting, a cyber security and data protection advisory firm, who spent four years acting as a special advisor to Europol, said the ransomware attack is part of a global onslaught, targeting health systems and providers, which has been ongoing throughout the pandemic.

Mr Honan said it is likely the gang, who used a ransomware programme known as 'Conti' to first infiltrate and then hold the HSE's data's system to ransom, are likely to be based in Russia or a former Soviet bloc nation where cyber-security controls and international co-operation is minimal.

Profiling the criminals likely responsible, Mr Honan told the Sunday World: "These are hardened, organised criminal gangs whose primary goal is to make money and they don't care who they hurt or what impact they have on systems.

"They are also likely to be involved in other types of organised crime, be that human trafficking or drug smuggling.

"They would be on a par in their own right with the likes of the Kinahan gang. The attacks are not the work of bored teenagers sitting in their bedrooms.

"And the HSE is not the first health system to be victimised.

"Particularly during the pandemic, we have seen a huge increase in attacks by organised crime on hospitals throughout the world, as well as ransomware attacks on universities researching Covid-19 and vaccine and pharmaceutical companies.

"Anyone involved in the medical sector is being actively targeted by these criminals because they realise how dependent we are during the pandemic."

Detailing the attack on the HSE, Mr Honan said: "The ransomware used is called Conti and it's known that this software is used by organised crime gangs based out of former Soviet countries and probably, most likely, Russia.

Asked how Conti ransomware works, Mr Honan said: "The way the Conti ransomware gang work is they compromise a company's systems, then they'll spend a few days in there trying to compromise a few more and copy some of the data.

"Then they'll also do what is called a double extortion demand. The first demand is: 'Pay us money to unlock your data' and the second demand is: 'Pay us money so we won't release the data we've stolen online.'

Sunday World Newsletter

Sign up for the latest news and updates

This field is required This field is required

"But the HSE have said they are not going to pay and that makes sense."

Asked what sums of money, ransomware gangs demand, Mr Honan said: "Last week, a US gas pipeline called Colonial was attacked by ransomware.


Brian Honan.

Brian Honan.

Brian Honan.

"The ransom demand for them was $5 million and they paid it … something that most people like myself and most police forces would say you don't do.

"It's widely known that half of the people who pay the ransom don't get their data back," Mr Honan said.

Asked what happens in a stand-off, such as currently exists with the HSE, where an organisation refuses to pay the ransom, Mr Honan said: "It typically ends with what the HSE are doing at the moment.

"The first thing you do is identify which systems have been compromised.

"You isolate them away from the rest of the network so the infection doesn't spread any further. You then restore parts of your system and your network in small sections.

"It's a gradual process to get your system back up and running. And whether you pay the ransom or not, that's the process you have to follow … so paying the ransom will not get your system back up any quicker."

Mr Honan said that this week's attack should be wake up call to the government in relation to the need to allocate increased resources to cyber-security.

"We promote ourselves as the tech island, so the Government needs to make sure at a national level that An Garda Síochána, the cyber-security sector, the Defence Forces and the Data Protection Commissioners Office are all being given adequate resourcing," he added.

Download the Sunday World app

Now download the free app for all the latest Sunday World News, Crime, Irish Showbiz and Sport. Available on Apple and Android devices