Eastern European crime gangs said to be main suspects in HSE cyberattack
MAJOR Eastern European organised crime gangs who are working together are the chief suspects behind the cyberattack that has brought the Irish health service to its knees, the Irish Mail on Sunday has learned.
It is understood that gardaí believe major organised crime gangs (OCG) are involved in the attack, with suspicions that these are ‘supported and sponsored’ by state actors in terms of cyber warfare.
As of yesterday the Health Service Executive (HSE) had not moved beyond the ‘containment phase’ of the damage.
More than 85,000 computers have been switched off and the ‘true extent’ of the damage won’t be known until later this week.
A source told how the gang responsible could have gained access to the system ‘weeks ago’. ‘The evidence is large Eastern European organised crime gangs who have been launching cyberattacks on government bodies, as well as targeting large private companies, are responsible,’ the source told the MoS.
‘They’re getting in and they could be in for long periods of time, collect the information and then look for a ransom to be paid in Bitcoin.
‘They could have been in the health system for weeks and weeks.’
It is understood the situation is so severe there may be no other option but to pay the ransom demand.
‘There are about 85,000 machines turned off and they won’t be back on until early next week and we won’t know the true extent of the damage until next Monday or Tuesday,’ a source said.
‘The ransom may have to be paid, it is that bad. Large OCGs have developed capabilities that are wreaking havoc on US multinationals and large companies and are getting millions. It is suspected military could be involved with intelligence, but the front at the moment is they are Eastern European OCGs.’
HSE chief operations officer Anne O’Connor said the agency was alerted to the attack at 4am on Friday and she described it as a ‘zero-day threat with a brand new variant of the Conti ransomware’.
Conti has been used to attack over 50 organisations in the last month alone.
A source said: ‘I can tell you it is major and it looks as if there has been attacks on health systems across the European Union.’
The HSE has said a ransom has been sought, but said this demand will not be paid, in line with state policy.
A HSE source said the Rotunda Hospital in Dublin first spotted the issue. ‘This is because the digital maternity hospitals are the major users of IT infrastructure outside of normal office hours,’ they said.
The source added they will be turning the computers back on ‘very slowly’.
‘They will try to restore high priority system backups to see if they can get them online first. It will be a mammoth undertaking.’
Ransomware involves an attacker trying to gain control over the data held by an organisation or individual. The gang operates by getting into the system, beating the firewall, encrypting the information and then you have to pay to get your own information and access to your own system.
‘It is very, very advanced. The second phase for cyber security is to contain it; we’re not even beyond that yet,’ a source told the MoS.
There are now fears other departments might have come under similar attack and could have this threat lying unknown in their systems.