Unprecedented - Cyber Attackers Release Secret Key To Save Irish Health System (bbc.com)
Lanodonal shares a report from the BBC: Hackers responsible for causing widespread disruption to the Irish health system have unexpectedly gifted it with the tool to help it recover. The Conti ransomware group was reportedly asking the Irish health service for $20 million to restore services after the "catastrophic hack." But now the criminals have handed over the software tool for free. The Irish government says it is testing the tool and insists it did not, and would not, be paying the hackers. Taoiseach (Irish prime minister) Micheál Martin said on Friday evening that getting the software tool was good, but that enormous work is still required to rebuild the system overall.
Conti is still threatening to publish or sell data it has stolen unless a ransom is paid. On its darknet website, it told the Health Service Executive (HSE), which runs Ireland's healthcare system, that "we are providing the decryption tool for your network for free." "But you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation." It was unclear why the hackers gave the tool -- known as a decryption key -- for free, said Health Minister Stephen Donnelly. In an alert made public Thursday by the American Hospital Association, the FBI said the Conti group has also hit at least 16 U.S. medical and first response networks in the past year.
Not too surprising, really. (Score:3)
"A man can get a job, he might not look too close at what that job is. But a man learns all the details of a situation like ours, well, then he has a choice."
"I don’t believe he does."
Re: Not too surprising, really. (Score:1)
Fantastic Firefly reference!
Re: (Score:2)
I have no mod-points to mod-up... but I would otherwise.
Re: (Score:2)
Re:Not too surprising, really. (Score:5, Interesting)
It's probably one or more of three things
A) Hackers belonging to the group live in Ireland
B) Not a good look to destroy a medical system in a country
C) If anyone dies as a consequence, anyone in the hacking group caught is going to be hit with premeditated murder charges
Like in context, weaponizing malware (eg be it public utilities or medical infrastructure) is ultimately going to result in escalating tensions between governments and hackers. It's different if say, government infrastructure is targeted with the goal of releasing the UFO information, stuff that basically we know exists, but don't know the truth. But when the goal is ransomware to get large payouts, that too often results in collateral damage.
If anything people should start keeping redundant computer systems, and storing their data that they want to keep forever, on external drives/tapes that they can rotate through so that in the event of ransomware they can switch to the redundant system that isn't connected to the network, have the ransomware'd devices wiped, and restore to earlier backups. Better to lose a few days work than to pay criminals.
Re: (Score:3)
they are already in deep enough shit to get them in jail for life, if not multiple lifetimes
attacking critical, public infrastructure on this scale for ransom ? Are you fucking kidding me ?
Re: (Score:2)
Depends where they are. If it's Russia then they generally don't care about cybercrime that happens overseas. Many other countries are the same, don't care, won't put resources into it.
Re: (Score:2)
Depends where they are. If it's Russia then they generally don't care about cybercrime that happens overseas. Many other countries are the same, don't care, won't put resources into it.
True. Another possibility though, if the hackers are Russian, is that Putin has decided they are causing him problems and let it be known he wants them to stop hitting certain targets.
Re: (Score:2)
If the attack vector was a malicious email attachment then you might have a chance of preventing a second attack. If the attack was a software vulnerability or a configuration problem you are right back where you started and waiting for the next attack.
What's needed is a complete rethink of the entire network inside a company.
Re: (Score:3, Insightful)
Considering the example of the Irish Health Service in the article points out the issues.
External, loosely affiliated parties (doctors, clinics, ambulances) with no infosec knowledge need to contribute vital data (x-rays, patient notes) that is placed onto core systems, and it can be a matter of life-and-death that accurate complete data is retrievable with minimal delay, fails, errors by authorised individuals.
The network focused ring based system described is a case of imposing a theoreti
Re: (Score:3)
This sounds great in theory. In practice, though...
First and foremost, it'll be immensely confusing for frontline employees ("this computer can access billing, but if I want to check Medscape I have to use that computer"), and unless the hospital's networking department does a really fantastic job explaining everything, it'll be seen as arbitrarily making things more of a pain in the ass for no purpose.
And are there going to be twice as many machines in places like the micro lab, where the whole team will n
Re: (Score:2)
C) If anyone dies as a consequence, anyone in the hacking group caught is going to be hit with premeditated murder charges
No they won't. That would be impossible to prove. They will get hit with manslaughter charges (2nd degree Murder in USA terms).
Opportunity (Score:2)
Re: (Score:2)
Re: Not too surprising, really. (Score:2)
Re: (Score:2)
C) If anyone dies as a consequence, anyone in the hacking group caught is going to be hit with premeditated murder charges
Unfortunately for that group the horse may have already left the stable as around 50% of treatments for things like cancer patients had to be stopped because the hospital couldn't access records
I suspect someone said (Score:1)
I wonder what the IRA will have to say about this
Re: (Score:2)
I wonder what the IRA will have to say about this
No problem - I don't have any Irish hospitals in mine.
Re: (Score:2)
Yes, the FSB is of "Russia" and possibly affiliated with the criminals that attacked the Irish health system.
The IRA tends to take a VERY dim view of attacks on things Irish by outsiders... And they have a habit of taking their complaints to the attackers' doorstep in VERY nasty ways. Ask around in Britain for their take on such things.
Re: (Score:2)
But nobody is dumb enough to think these are good guys, do they? Like the only reason they did this is because they were afraid of having a few dozen murder charges. And not even then, they have been hitting medical institutions in other countries. Maybe they live in Ireland and decided they would look pretty dumb if they were the ones that died.
Correction: Yes, yes people are that dumb.
So (Score:2)
How many billions of euros did they spend on the IT systems in Ireland? UK spent around £4bn by 2010, after that I stopped counting. Has anyone ever gone to prison for broken systems? I don't think so. Why not?
Re: So (Score:3)
Re: (Score:1)
What court is sufficiently knowledgeable to convict members of an IT department of negligence?
"They were sophisticated criminals using a zero-day exploit to penetrate our system."
"Case dismissed."
Re: (Score:1)
If one child dies, that changes to "Guilty- maximum sentence."
Re:So (Score:4, Insightful)
It is not the big systems that are getting broken. It is the desktop systems that no one secures and has users that will fall for the schemes, not the big systems that are insecure. There are multiple cases in the US where the frontend/desktop systems got broken and used to query the big systems since they now had all the creds necessary. Or they query the big systems across the internet if the client does not have 2-factor covering that. If they cannot get data (and if they do) the fall back is just to encrypt the desktops and ask for ransom, since if you get enough of the frontend systems you can cost them enough time and resources that they will just pay you. Early on some of the breakins they asked for amounts so small that the bigger orgs just paid it, but later on they figured out they could ask for more and some then could not afford to pay and stay in business.
We worry about making longer and more complex passwords and changing passwords more often and the real issue is it is easier to break the desktop system (phishing schemes) and encrypt it and wait for the user, in their normal job, to supply the creds they need to get into the big system. 2-factor at least slows down the access to the big systems but rarely is the desktop device protected with 2-factor.
Re: (Score:2)
I think that the correct statement is that "the UK was ripped off by incompetent IT contractors to the tune of about £4B"
Re: (Score:2)
I think that the correct statement is that "the UK was ripped off by incompetent IT contractors to the tune of about £4B"
The UK NHS is absolutely huge. It's the world's largest single employer with over 1.3 million staff, of which 1.1million are full time.
Too much heat (Score:2)
The Colonial pipeline incident got a lot of coverage and even if the bad outcomes from the hack were more self inflicted from the sensationalism than the actual hack a whole bunch more ordinary people know the term "ransomware" now and it's negatively affected their lives and not just some corporation.
Now this group is shutting down hospitals, hurting sick people? That's a lot of public negative attention on anyone engaged in this now and the lazy governments may not be so easily able to ignore it. Or may
"Unprecedented" (Score:5, Insightful)
Quote from TFA: "It's not unprecedented for ransomware criminals to give away their decryption tools for free."
Re: (Score:2)
Quote from TFA: "It's not unprecedented for ransomware criminals to give away their decryption tools for free."
Slashdot has new features.
They now include free clickbait.
It's kind of sad really. Trying to Slashdot yourself, since it doesn't work anywhere else...
Re: (Score:2)
That feature is not new. My very first submission nearly a decade ago had its headline re-written in a clickbait form. Editors edit, but only when you *don't* want them to.
Re: (Score:2)
Hilarious that people here are calling for a ban on crypto. That should work about as well as banning pirated media. Anything else the government wanted to ban and people would be saying they can pry the encryption key from their cold dead hands.
Hilarious (Score:2)
You keep using that word. But I do not think it means what you think it means.
Re: Enough (Score:2)
Seriously, every single one of these guys asking for crypto ban has super retard IQ. IMHO.
Anyone with sense would ask for Ransomware to be Banned! And terrorism.
It's so stupid I am convinced all these guys are part of some criminal underground ransomware group trying to drive down BTC so that they can extort their victims into buying & transferring more BTC for given ransom amount.
They should be banned from internet. And shot. To set an example.
"Gifted"?! (Score:4, Informative)
'Save' implies the hackers are the good guys (Score:2)
They are anything but. They are opportunistic parasites that should be strung up.
Ransomware people are dumb (Score:4, Insightful)
They should go after big companies flush with cash that everybody hates. That way, not only would they get their money, they would also gain some Rob Roy-like sympathy. But with the targets they choose, they just paint themselves as right ole bastards.
Then again, they go for the low-hanging fruits with piss-poor IT and no power-lawyers on the books.
Big companies that everyone hates. (Score:2)
The problem with big organizations that are widely hated is they have a lot of control over the rest of us. That's why they're hated. It's also why they're flush with cash.
The big companies effectively hold the rest of us ransom in various ways. It's called providing vital services.
Re: (Score:1)
Do you seriously think that Bezos, Musk, or Gates will take a direct hit because a secretary or a salesperson was successfully phished once out of a hun
Like it or not, crypto enables this. (Score:2)
Idealism is adorable but humanity evolved to be apex predators because predation is rewarded.
Crypto is a grotesque waste of natural resources and electricity on what is intended to be a criminal (crimes can be good or bad, I mean in the legal sense) tool for tax evasion and any other suitable task.
Ban crypto and render then execute ransomware gangs as terrorists. That will deter enough to matter.
Re: Like it or not, crypto enables this. (Score:2)
It's the opposite. Lack of crypto will prevent anyone from securing his systems from this.
These guys are already doing illegal stuff and crypto knowledge is already out there. So doing it while banned will be a no-brainer for them.
Re: (Score:1)
It's harder to be anonymous when you need to physically receive a note or package containing your ransom money. The stakes are much higher, and it takes time to receive the money.
Re: Like it or not, crypto enables this. (Score:2)
No, crypto is the art of obfuscating messages in a way that only the intended receiver is able to read them.
Oh, you mean cryptocurrency? That's different, but not a Ponzi scheme, either. It's a different kind of speculative scam with its own dynamics. And it's not anonymous, either, quite the opposite. Transactions are linked to their respective wallet ID forever. If you ever manage to find the name of the person behind the wallet (e.g. when they order porn off Amazon with the money they made) you can
Ban crypto? (Score:2)
humans (Score:2)
It was unclear why the hackers gave the tool -- known as a decryption key -- for free, said Health Minister Stephen Donnelly.
Criminals are humans, too. There are plenty of cases of criminals trying not to be complete assholes.
But yes, that's all guesswork, of course. But it's not like it never happened before (including in the sphere of ransomware).
Re: (Score:2)
It was unclear why the hackers gave the tool -- known as a decryption key -- for free, said Health Minister Stephen Donnelly.
Criminals are humans, too. There are plenty of cases of criminals trying not to be complete assholes.
In general, however, that behavior is to avoid bringing unwanted attention that could result in a decrease in profits, not some altruistic motive. I suspect it is the same here.
Re: (Score:2)
In general, however, that behavior is to avoid bringing unwanted attention that could result in a decrease in profits, not some altruistic motive. I suspect it is the same here.
This is probably what it is. I'm sure that all of the ransomware gangs took a look at what happened with the Colonial Pipeline and realized that as long as you're merely a nuisance, it's not worth anybody's time to go after you. Going after a large, well-connected organization is how you end up being a public spectacle. When you've hit a target big enough to be a part of the conversation taking place between leaders of world superpowers, you know you've got enough unwanted attention that the best case scena
How about a ransom of another sort? (Score:1)
Re: (Score:1)
Yes, Microsoft need to pay for the evil they do.
Probably... (Score:2)
All systems are still compromised tho (Score:2)
Sure, they can unlock the encrypted files, but every device still needs to be considered compromised. You can't find every hidden trojan these scum may have inserted, and restoring encrypted files is only part of the solution as there is usually a large amount of fuckery done to the registry as well.
I imagine that they will still need to rebuild every device before letting it back onto their network, to prevent immediate re-infection.