Conti ransomware attacks Ireland’s Health Service Executive

Health Service Executive
Written by Emma Davis

The Conti ransomware attacked the Health Service Executive (HSE) of Ireland, and the service had to temporarily shut down its IT systems.

Although the attack did not affect the provision of emergency medical care, it is reported that some scheduled examinations and procedures could still be postponed or canceled, as medical staff lost access to online systems, electronic patient records and other medical records.

There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners. We apologise for inconvenience caused to patients and to the public and will give further information as it becomes available. Vaccinations not effected are going ahead as planned.HSE executives reported.

The head of the HSE Paul Read told the press that experts are currently investigating the incident and trying to access its scale.

In another interview, Reed confirmed that Conti malware operators were responsible for this attack.

The major ransomware attack targeting the HSE is “quite sophisticated”, while the COVID-19 vaccination programme isn’t impacted as it’s on a different system.Paul Reid says.

Bleeping Computer journalists received the screenshots of negotiations between hackers and representatives of the HSE. The attackers said they had been on the HSE network for over two weeks and had stolen 700 GB of files, including confidential patient and employee information, contracts, financial statements, payrolls, and more. In the chat, the attackers shared samples of the stolen documents, but the journalists did not see this evidence.

The hackers write that they will provide the HSE with a decryptor and delete all stolen data if they are paid a ransom of $19,999,000.

Health Service Executive Ireland
At the end of last week, the Prime Minister of Ireland, Michol Martin, officially announced that the ransom would not be paid to the attackers.

Conti has been active since summer 2020. It is suggested that behind the creation of the malware stays the Russian-speaking hack group Wizard Spider, which uses phishing attacks to spread the TrickBot and BazarLoader Trojans.

Due to the similarity of the source code, many experts believe that Conti is a kind of “successor” to the famous ransomware Ryuk.

Let me also remind you that we talked about First death due to ransomware attack: German hospital patient dies.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply