Conti Ransomware attack on Ireland HSE encrypted 80% of data

Ireland's Health Service (HSE) was attacked by the Conti ransomware group in the middle of last year, and news is now out that 80% of the data stored on the healthcare provider's servers was encrypted by the gang.

A detailed probe launched by the US Department of Health and Human Services (HHS) says that the digital assault resulted in severe disruption of health services across Ireland and exposed about 750 GB of data related to COVID-19 vaccines. The criminals not only accessed the data but also sent the details to their remote servers operating in the Russian Federation.

A PDF linked to the probe was released to the media this week, and it states that the Conti gang infiltrated the computer networks of HSE in May 2021 by somehow evading the anti-malware solutions and the threat detection solutions.

Slowly and steadily, the gang encrypted the HSE's IT environment, with 80% of it encrypted within a few days.

The Conti ransomware gang provided a free decryption tool to Ireland's health service, with a warning that it would sell or publish the stolen data if its ransom demand of $20 million was ignored.

At the time of the incident, Micheal Martin, the Prime Minister of Ireland, dismissed reports that the authorities would pay a ransom. He was adamant about not paying because doing so not only encourages crime but also does not guarantee a decryption key.

Unconfirmed reports from a security company named VirusTotal stated that one or more criminals uploaded classified data to its scanning website. The data contained details such as email addresses, phone numbers, IP addresses, and physical addresses that appeared to be stolen from Ireland's National Health Care Network.

Ireland’s Government, based on the order of the Department of Justice, launched a probe into the incident and asked VirusTotal to submit the data for analysis.

The result on whether the information truly belonged to the HSE is still awaited.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
