‘We’re ready to publish’ — ominous ransom note sent to HSE by hackers demanding $20m revealed
Debbie McCann 17th May 2021
Cyber terrorists are seeking a $20m ransom from the State – and they claimed to have had access to the health system’s IT network for two weeks before making their demands, the Irish Mail on Sunday can reveal.© Provided by Extra.ie
The HSE is in a race against time to prevent the international gang behind the biggest ever cyberattack in the history of the State from releasing a huge 700GB of sensitive and confidential information about thousands of patients on the internet.
Anti-hacker specialists, gardaí and the Government are preparing for potential follow-up attacks on Government departments and State agencies, with some experts warning that paying the ransom may be the only way to secure the data.© Provided by Extra.ie Pic: Leon Farrell/Photocall Ireland
The MoS can also reveal that last night the Department of Social Welfare confirmed that it had shut down parts of its computer system that were connected to the HSE’s network. Taoiseach Micheál Martin has ruled out paying a ransom to the cybercriminals, a stance that so far has the backing of the public.
According to a MoS-Ireland Thinks poll published today, 80% of people support the decision not to pay the ransom. Just 11% of those surveyed said the ransom should be paid. Yesterday BleepingComputers. com, a technology news website that reports heavily on cybersecurity issues, shared a screenshot of a message sent between the ransomware Conti and the HSE.
In the screenshot, the gang claimed to have had access to the HSE network for two weeks. During this time, they claim to have stolen 700gb of unencrypted files from the HSE, including patient and employee information, contracts, financial statements and payroll details.© Provided by Extra.ie
The cyberattackers further stated they would provide a decryptor and delete the stolen data if a ransom of $19,999,000 (€16,465,640) was paid. This information was verified by senior sources who spoke to the MoS last night.
One source warned: ‘There may be no other way out of this [than to pay the ransom] and then you have to start building up your firewalls so it doesn’t happen again. This is a major incident and nobody can say right now what may have been stolen and what the damage is.
‘It’s so extensive it’s going to take about a week to really know what damage they have caused. ‘We fear other Government departments might have been targeted and they don’t even know it yet.’
The source added: ‘The people behind this and the gangs responsible could have gained access to the HSE system weeks ago. They could have been collecting the information for weeks and after they collected the information they then looked for a ransom to be paid in Bitcoin.© Provided by Extra.ie It was revealed earlier this week that the Health Service Executive (HSE) IT systems had been breached by hackers. Pic: Leon Farrell/Photocall Ireland
The situation is so severe that the ransom may have to be paid. Up to 85,000 computers are turned off at the moment but it is only as they are gradually turned on that the true extent of the damage will become known and we are only going to start getting an idea of the true extent of the damage on Monday or Tuesday.’
As the health authorities battle to assess the full extent of the problem, with some appointments for cancer and out-patients cancelled until further notice, experts are now warning that the malware virus could be making its way through the IT systems of other Government departments. The Minister of State for eGovernment Ossian Smyth described the cyberattack as ‘possibly the most significant cybercrime attack on the Irish State’.
One Cabinet minister told the MoS: ‘This is so serious. Your medical records, or mine or your granny’s could be up on the dark web tomorrow.’ The minister called for the Cabinet and the Cabinet Security Sub Committee to convene ‘today at the very least’. In a statement to the MoS, a Department of Social Protection spokeswoman confirmed that ‘a number of electronic communication channels with the HSE’ had been temporarily suspended while the HSE systems are offline.© Provided by Extra.ie Pic: Leon Farrell/Photocall Ireland
The statement added: ‘The department’s systems are fully operational and are monitored at all times. The Department of Social Protection has cyber-defence systems in place that react to any threat to its systems in the event of a significant cyber incident.’ The HSE was first alerted to the attack when staff at the Rotunda Hospital were confronted by the following message when they accessed their computers in the early hours on Friday morning.
The ominous message read: ‘All of your files are currently encrypted by Conti ransomware. If you try to use any additional recovery software – the files might be damaged or lost. ‘To make sure that we REALLY CAN recover data – we offer you to decrypt samples. You can contact us for further information…’
At this stage the cyberattackers offered links before then threatening: ‘YOU SHOULD BE AWARE! just in case, if you try to ignore us. We’ve downloaded your data and are ready to publish it on out [sic] news website if you do not respond. So it will be better for both sides if you contact us ASAP.’
The cyberattack comes after the HSE ignored repeated warnings to update its computer system. Many of the HSE’s computers are operating off software that is 20 years old. In 2019 the health authority admitted that 79% of its computers were running on Microsoft Windows 7 software.
Last year the HSE replaced some of its computers but despite this upgrade, it admitted more than 60% of its system was still using Windows 7. This 12-year-old software is deemed so antiquated its own manufacturer Microsoft issued a warning not to use it. A spokeswoman for the HSE confirmed that Microsoft was ‘providing support’. A leading information technology expert last night said the HSE made itself a ‘sitting duck’ for cyber terrorists because it failed to invest enough money in updating and securing its computer network.
Dr Simon Woodworth, a business information lecturer at UCC, said the HSE only spent €2m a year of its annual €20.6bn budget on security. But he said it should have been spending 18 times this amount. Dr Woodworth told the MoS: ‘At a minimum it should have been €36m.’
HSE boss Paul Reid yesterday described the cyberattack as a ‘very significant, sophisticated, high-impact threat’. When asked if the HSE has been able to retrieve crucial information, Mr Reid told RTÉ’s Katie Hannon: ‘We can’t fully establish if there has been any impact on some of the data in those back-up systems… what we want to be able to do is to bring them back up safely.