Encryption Security

Unprecedented - Cyber Attackers Release Secret Key To Save Irish Health System (bbc.com) 57

Lanodonal shares a report from the BBC: Hackers responsible for causing widespread disruption to the Irish health system have unexpectedly gifted it with the tool to help it recover. The Conti ransomware group was reportedly asking the Irish health service for $20 million to restore services after the "catastrophic hack." But now the criminals have handed over the software tool for free. The Irish government says it is testing the tool and insists it did not, and would not, be paying the hackers. Taoiseach (Irish prime minister) Micheál Martin said on Friday evening that getting the software tool was good, but that enormous work is still required to rebuild the system overall.

Conti is still threatening to publish or sell data it has stolen unless a ransom is paid. On its darknet website, it told the Health Service Executive (HSE), which runs Ireland's healthcare system, that "we are providing the decryption tool for your network for free." "But you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation." It was unclear why the hackers gave the tool -- known as a decryption key -- for free, said Health Minister Stephen Donnelly.
In an alert made public Thursday by the American Hospital Association, the FBI said the Conti group has also hit at least 16 U.S. medical and first response networks in the past year.
This discussion has been archived. No new comments can be posted.

  • by ZorinLynx ( 31751 ) on Friday May 21, 2021 @06:15PM (#61408584) Homepage

    "A man can get a job, he might not look too close at what that job is. But a man learns all the details of a situation like ours, well, then he has a choice."

    "I don’t believe he does."

    • Fantastic Firefly reference!

    • Maybe the optics are more obvious when it comes to keeping people from dying, than prosecuting hackers from violating citizen privacy that the government itself ... well, who knows who they engage to operate on their behalf [youtu.be]?
      • by Kisai ( 213879 ) on Friday May 21, 2021 @06:47PM (#61408672)

        It's probably one or more of three things

        A) Hackers belonging to the group live in Ireland
        B) Not a good look to destroy a medical system in a country
        C) If anyone dies as a consequence, anyone in the hacking group caught is going to be hit with premeditated murder charges

        Like in context, weaponizing malware (eg be it public utilities or medical infrastructure) is ultimately going to result in escalating tensions between governments and hackers. It's different if say, government infrastructure is targeted with the goal of releasing the UFO information, stuff that basically we know exists, but don't know the truth. But when the goal is ransomware to get large payouts, that too often results in collateral damage.

        If anything people should start keeping redundant computer systems, and storing their data that they want to keep forever, on external drives/tapes that they can rotate through so that in the event of ransomware they can switch to the redundant system that isn't connected to the network, have the ransomware'd devices wiped, and restore to earlier backups. Better to lose a few days work than to pay criminals.

        • by gTsiros ( 205624 )

          they are already in deep enough shit to get them in jail for life, if not multiple lifetimes

          attacking critical, public infrastructure on this scale for ransom ? Are you fucking kidding me ?

          • by AmiMoJo ( 196126 )

            Depends where they are. If it's Russia then they generally don't care about cybercrime that happens overseas. Many other countries are the same, don't care, won't put resources into it.

            • Depends where they are. If it's Russia then they generally don't care about cybercrime that happens overseas. Many other countries are the same, don't care, won't put resources into it.

              True. Another possibility though, if the hackers are Russian, is Putin has decided they are causing him problems and let it be known he wants them to stop hitting certain targets.

        • The problem with this approach is you have to know exactly how the hackers got into the system or you are just restoring to a point in time where the same vulnerabilities exist.

          If the attack vector was a malicious email attachment then you might have a chance of preventing a second attack. If the attack was a software vulnerability or a configuration problem you are right back where you started and waiting for the next attack.

          What's needed is a complete rethink of the entire network inside a company.
          • Re: (Score:3, Insightful)

            I disagree.
            Considering the example of the Irish Health Service in the article points out the issues.

            External, loosely affiliated parties (doctors, clinics, ambulances) with no infosec knowledge need to contribute vital data (x-rays, patient notes) that is placed onto core systems, and it can be a matter of life-and-death that accurate complete data is retrievable with minimal delay, fails, errors by authorised individuals.

            The network focused ring based system described is a case of imposing a theoreti
          • This sounds great in theory. In practice, though...

            First and foremost, it'll be immensely confusing for frontline employees ("this computer can access billing, but if I want to check Medscape I have to use that computer"), and unless the hospital's networking department does a really fantastic job explaining everything, it'll be seen as arbitrarily making things more of a pain in the ass for no purpose.

            And are there going to be twice as many machines in places like the micro lab, where the whole team will n

        • C) If anyone dies as a consequence, anyone in the hacking group caught is going to be hit with premeditated murder charges

          No they won't. That would be impossible to prove. They will get hit with manslaughter charges (2nd degree Murder in USA terms).

        • All hospital and GP clinics have a code, and for STDs compulsory notification. Starting with politicians and rich people, see who has had affairs, or caught a social disease. See who has fathered children where the dad is not on the birth certificate. Profit. Now match those receiving welfare who are 'not cohabiting' but share addresses. Sell lists of names where the woman/lady has had an STD or abnormal pap smear, and let her Facebook buddies know,
          • Actually this is tame. IVF / Infertility questionnaires detail everything you want to know about mating habits, and I mean everything. For politicians we can see drug abuse/dependencies or if they are on strong depression drugs. Twenty years ago, mainframe based, this information was safe. Now UK and one presumes Ireland watered down security to a platform that has yearly issues/ CVE's 8plus. Now if only they can get the drugs/tablets prescribed to go with the records.
        • Probably more likely some old IRA guy with connections to organised crime and international terrorists was affected and put a few calls round
        • C) If anyone dies as a consequence, anyone in the hacking group caught is going to be hit with premeditated murder charges

          Unfortunately for that group the horse may have already left the stable as around 50% of treatments for things like cancer patients had to be stopped because the hospital couldn't access records

  • I wonder what the IRA will have to say about this

    • I wonder what the IRA will have to say about this

      No problem - I don't have any Irish hospitals in mine.

  • by pele ( 151312 )

    How many billions of euros did they spend on the IT systems in Ireland? UK spent around £4bn by 2010, after that I stopped counting. Has anyone ever gone to prison for broken systems? I don't think so. Why not?

    • Maybe the big wigs need to outsource to India more harder.
    • by Anonymous Coward

      What court is sufficiently knowledgeable to convict members of an IT department of negligence?

      "They were sophisticated criminals using a zero-day exploit to penetrate our system."
      "Case dismissed."

    • Re:So (Score:4, Insightful)

      by rahmrh ( 939610 ) on Friday May 21, 2021 @07:39PM (#61408792)

      It is not the big systems that are getting broken. It is the desktop systems that no one secures and that have users who will fall for the schemes, not the big systems, that are insecure. There are multiple cases in the US where the frontend/desktop systems got broken and used to query the big systems since they now had all the creds necessary. Or they query the big systems across the internet if the client does not have 2-factor covering that. If they cannot get data (and if they do) the fallback is just to encrypt the desktops and ask for ransom, since if you get enough of the frontend systems you can cost them enough time and resources that they will just pay you. Early on in some of the break-ins they asked for amounts so small that the bigger orgs just paid it, but later on they figured out they could ask for more and some then could not afford to pay and stay in business.

      We worry about making longer and more complex passwords and changing passwords more often, and the real issue is it is easier to break the desktop system (phishing schemes) and encrypt it and wait for the user in their normal job to supply the creds they need to get into the big system. 2-factor at least slows down the access to the big systems but rarely is the desktop device protected with 2-factor.

    • UK spent around £4bn by 2010,

      I think that the correct statement is that "the UK was ripped off by incompetent IT contractors to the tune of about £4B"

      • UK spent around £4bn by 2010,

        I think that the correct statement is that "the UK was ripped off by incompetent IT contractors to the tune of about £4B"

        The UK NHS is absolutely huge. It's the world's largest single employer with over 1.3 million staff, of which 1.1million are full time.

  • The Colonial pipeline incident got a lot of coverage and even if the bad outcomes from the hack were more self inflicted from the sensationalism than the actual hack a whole bunch more ordinary people know the term "ransomware" now and it's negatively affected their lives and not just some corporation.

    Now this group is shutting down hospitals, hurting sick people? That's a lot of public negative attention on anyone engaged in this now and the lazy governments may not be so easily able to ignore it. Or may

  • "Unprecedented" (Score:5, Insightful)

    by jacks smirking reven ( 909048 ) on Friday May 21, 2021 @06:34PM (#61408638)

    Quote from TFA: "It's not unprecedented for ransomware criminals to give away their decryption tools for free."

    • Quote from TFA: "It's not unprecedented for ransomware criminals to give away their decryption tools for free."

      Slashdot has new features.

      They now include free clickbait.

      It's kind of sad really. Trying to Slashdot yourself, since it doesn't work anywhere else...

      • That feature is not new. My very first submission nearly a decade ago had its headline re-written in a clickbait form. Editors edit, but only when you *don't* want them to.

  • "Gifted"?! (Score:4, Informative)

    by Flexagon ( 740643 ) on Friday May 21, 2021 @07:16PM (#61408740)
    Gifted??!! What doublespeak.
  • They are anything but. They are opportunistic parasites that should be strung up.

  • by Rosco P. Coltrane ( 209368 ) on Friday May 21, 2021 @09:08PM (#61408994)

    They should go after big companies flush with cash that everybody hates. That way, not only would they get their money, they would also gain some Rob Roy-like sympathy. But with the targets they choose, they just paint themselves as right ole bastards.

    Then again, they go for the low-hanging fruits with piss-poor IT and no power-lawyers on the books.

    • Like Colonial Pipeline?

      The problem with big organizations that are widely hated is they have a lot of control over the rest of us. That's why they're hated. It's also why they're flush with cash.

      The big companies effectively hold the rest of us ransom in various ways. It's called providing vital services.
    • No, they shouldn't. As much as everyone wants to dunk on or hate a lot of wealthy capitalists, having a group of people like this is just another side effect of capitalism. They want to be rich relative to other people, and they're willing to fuck over the lives and livelihoods of bystanders to accomplish that, without any of the burden of accountability.

      Do you seriously think that Bezos, Musk, or Gates will take a direct hit because a secretary or a salesperson was successfully phished once out of a hun
  • Idealism is adorable but humanity evolved to be apex predators because predation is rewarded.

    Crypto is a grotesque waste of natural resources and electricity on what is intended to be a criminal (crimes can be good or bad, I mean in the legal sense) tool for tax evasion and any other suitable task.

    Ban crypto and render then execute ransomware gangs as terrorists. That will deter enough to matter.

    • It's the opposite. Lack of crypto will prevent anyone from securing his systems from this.

      These guys are already doing illegal stuff and crypto knowledge is already out there. So doing it while banned will be a no-brainer for them.

      • Crypto is a ponzi scheme that has enabled far worse than the benefits that it claims to offer.

        It's harder to be anonymous when you need to physically receive a note or package containing your ransom money. The stakes are much higher, and it takes time to receive the money.
        • No, crypto is the art of obfuscating messages in a way that only the intended receiver is able to read them.

          Oh, you mean cryptocurrency? That's different, but not a Ponzi scheme, either. It's a different kind of speculative scam with its own dynamics. And it's not anonymous, either, quite the opposite. Transactions are linked to their respective wallet ID forever. If you ever manage to find the name of the person behind the wallet (e.g. when they order porn off Amazon with the money they made) you can

    • Good luck enforcing that. There's a thing called steganography, which can hide the presence of an encrypted message. Also, everyone who's not a complete fool wants privacy.
  • by Tom ( 822 )

    It was unclear why the hackers gave the tool -- known as a decryption key -- for free, said Health Minister Stephen Donnelly.

    Criminals are humans, too. There are plenty of cases of criminals trying not to be complete assholes.

    But yes, that's all guesswork, of course. But it's not like it never happened before (including in the sphere of ransomware).

    • It was unclear why the hackers gave the tool -- known as a decryption key -- for free, said Health Minister Stephen Donnelly.

      Criminals are humans, too. There are plenty of cases of criminals trying not to be complete assholes.

      In general, however, that behavior is to avoid bringing unwanted attention that could result in a decrease in profits, not some altruistic motive. I suspect it is the same here.

      • In general, however, that behavior is to avoid bringing unwanted attention that could result in a decrease in profits, not some altruistic motive. I suspect it is the same here.

        This is probably what it is. I'm sure that all of the ransomware gangs took a look at what happened with the Colonial Pipeline and realized that as long as you're merely a nuisance, it's not worth anybody's time to go after you. Going after a large, well-connected organization is how you end up being a public spectacle. When you've hit a target big enough to be a part of the conversation taking place between leaders of world superpowers, you know you've got enough unwanted attention that the best case scena

  • There is no space for mercy nor room for justification. There is only the fact that these people are responsible for their shitty software compromising the health of real people, and the integrity of the healthcare system. In war, willfully causing great suffering or serious injury to body or health would be a violation of the Geneva convention. It would be a war crime, and they are responsible for the misfiring of their weapons of terror.
    These criminals deserve to be identified, tried, and locked
  • They released the tool for free because probably someone in their group or close to them required medical attention where the system being down would risk their lives.
  • Sure, they can unlock the encrypted files, but every device still needs to be considered compromised. You can't find every hidden trojan these scum may have inserted, and restoring encrypted files is only part of the solution as there is usually a large amount of fuckery done to the registry as well.

    I imagine that they will still need to rebuild every device before letting it back onto their network, to prevent immediate re-infection.
