The Conti ransomware attacked the Health Service Executive (HSE) of Ireland, and the service had to temporarily shut down its IT systems.
Although the attack did not affect the provision of emergency medical care, it is reported that some scheduled examinations and procedures could still be postponed or canceled, as medical staff lost access to online systems, electronic patient records and other medical records. The head of the HSE, Paul Reid, told the press that experts are currently investigating the incident and trying to assess its scale.
In another interview, Reid confirmed that Conti malware operators were responsible for this attack.
Bleeping Computer journalists obtained screenshots of the negotiations between the hackers and representatives of the HSE. The attackers said they had been on the HSE network for over two weeks and had stolen 700 GB of files, including confidential patient and employee information, contracts, financial statements, payrolls, and more. In the chat, the attackers shared samples of the stolen documents, but the journalists did not see this evidence.
The hackers write that they will provide the HSE with a decryptor and delete all stolen data if they are paid a ransom of $19,999,000.
At the end of last week, the Prime Minister of Ireland, Micheál Martin, officially announced that the ransom would not be paid to the attackers.
Conti has been active since summer 2020. It is suggested that the malware was created by the Russian-speaking hack group Wizard Spider, which uses phishing attacks to spread the TrickBot and BazarLoader Trojans.
Due to the similarity of the source code, many experts believe that Conti is a kind of “successor” to the famous ransomware Ryuk.
Let me also remind you that we wrote about the "First death due to ransomware attack: German hospital patient dies."