Explainer: What ransomware is and how it works

The HSE is grappling with a ransomware cyberattack. Here’s why ransomware is so crippling.

Adrian Weckler

Wondering what ransomware is and how it works? Here’s a very quick explainer.

What happened?

The HSE, Tusla and at least one hospital (the Rotunda) have been hit by “aggressive” ransomware overnight.

What’s ransomware?

It’s malicious code that locks you out of your computer system completely. It asks you to pay a ransom, almost always in cryptocurrency like Bitcoin, in exchange for stopping the attack.

What happens if you don’t pay?

The ransomware wipes all of your computer system’s data or the hackers release some of the data publicly. For a business or an institution -- the main targets of ransomware attacks -- that can be financially or reputationally crippling. In the case of a hospital, it could be disastrous for patient records and privacy.

Do we know how much the ransom demand is?

Speaking on RTE’s Morning Ireland, HSE boss Paul Reid said that it hasn’t yet received a specific demand. But we know that the average ransom paid last year was almost €300,000, according to industry figures from researchers like Palo Alto Networks’ Unit 42.

Isn’t IT security software supposed to deal with this kind of thing?

Sometimes it doesn’t -- the attackers often get in by sneaky routes, such as compromising staff accounts through social interactions or ‘phishing’ emails that dupe people into hitting a link or unwittingly downloading the ransomware.

So there’s no complete defence against ransomware?

Security experts say that the best ultimate defence, other than vigilance and good daily IT routines, is to have proper, separate backups of the organisation’s data. This way, even if the data is wiped, it can be retrieved from the backup.

Who’s behind this ransomware attack?

Speaking on Morning Ireland, Master of the Rotunda Professor Fergal Malone said that it was the ‘Conti’ ransomware variant. It is not known who is behind the attack, but most ransomware attacks are carried out by cybercriminals. Conti is an especially pernicious form of ransomware as it sometimes includes double extortion. According to the IT security firm Sophos, the criminal gang will sometimes demand a ransom for unlocking the victim’s IT system, while also leaking some stolen data. The gang then adds a second demand for more money in exchange for not leaking any further stolen data.

Why pick a health service?

The criminals are likely betting that because health records are very sensitive, there’s a reasonable chance they’ll get paid.

Is this an isolated incident?

No. Ransomware attacks are now a regular occurrence for Irish organisations. Last month, both the National College of Ireland and Technological University Dublin’s Tallaght campus were hit by ransomware attacks.
