
Cyber crime: Vicious HSE attack software, Conti, specialises in stealing valuable and sensitive information

Conti is a type of ransomware that operates ‘double extortion’


Hackers accessed secure HSE information


The cyber attack on the HSE’s computer systems may have been caused by something as simple as an employee clicking on a link in an e-mail.

It has emerged that this particular attack is the work of a variant of Conti, a type of ‘ransomware’ that operates “double extortion”.

This means that it not only encrypts information, but it can also steal and threaten to expose it.

The ransomware known as Conti has been in existence since last May.

It may have been embedded in the HSE’s IT systems for a number of days before the cyber attack was discovered in the early hours of Friday morning.

Conti has been used to attack over 50 organisations in April 2021 alone and has been used to leak data stolen from hospitals internationally.

It is not yet known whether sensitive patient data has been stolen or compromised in the cyber attack.

The HSE has today said: "Some progress was made overnight on laying the foundation step on which we can then begin the attempt to rebuild the core of the system.

"However, this will be a slow and methodical process from here, putting pieces back up and testing them one by one.

"This is an important first step but there is a lot more work ahead."

Previous international investigations have shown that eastern European crime networks have been specialising in this type of organised crime in recent times.

Specialist gardai are braced for more attacks of this kind.


“This type of crime is the number one international threat at this time and it is estimated that cyber crime will cost up to €5 trillion globally before the end of this year,” a senior source said.

“It was only a matter of time before a cyber attack on this huge scale happened here and unfortunately all the indications are that there will be more to come,” the source added.

The Garda National Cyber Crime Bureau (GNCCB) are working with other agencies in the National Cyber Security Centre (NCSC) in attempting to “manage” the situation; however, gardai have not yet launched a full investigation.

It has been confirmed that a “significant” ransom demand has been made to the HSE, which the government says it will not pay.

Already this year, the GNCCB have been involved in a number of ransomware investigations in Ireland, some of which have targeted small businesses here, but nothing on this scale.

“There has been a growing amount of these types of incidents throughout the year so far. These are targeted attacks,” the source said.

It is suspected that the international hackers behind the cyber attack are “most likely” based in eastern Europe, particularly Russia, but they are “almost untraceable to law enforcement”, according to sources.

“The prospect of the organised crime gang involved in this being caught is extremely remote. But this entire situation is also a no win for them as there is no prospect that the State will pay up a ransom and there is the potential that this attack could lead to a lot of attention on them,” the source said.

China is the greatest cybersecurity threat in the world today, followed by Russia, Iran and North Korea, a leading US Department of Justice prosecutor told the IFPC2021 Cybersecurity and FinCrime conference which was streamed from Dublin last month to delegates representing over 90 countries.

John Demers, the assistant attorney general at the US National Security Division, also warned that Ireland is a target for cyber criminals due to the large amount of data stored here.

“It is for this reason that it is not a huge surprise that something like this has happened here,” the source said.

When the garda investigation starts in full, the GNCCB, under the command of Detective Chief Superintendent Paul Cleary, will work with Interpol and Enisa, the EU Agency for Cybersecurity based in Athens, in an attempt to identify the international gang behind the ransomware attack.

Last year there was a major increase in resources at the Garda National Cyber Crime Bureau (GNCCB) with the recruitment of 50 additional detectives and 20 civilian staff – doubling the unit’s capability.

The GNCCB established six "cyber satellite hubs" in Wexford, Mullingar, Galway and Cork last year.

They are located within garda stations. Two more will come on stream, in Cavan and Dublin, later this year.

A decryption suite purchased for about €500,000 was installed last year in the bureau's headquarters.
