What do you do when you get a finger in the post?
For the past seven days, the Irish health system, known as the HSE, has been held hostage to a cyberattack and a €20 million ransom. This cyberattack has generated substantial media coverage globally. Informed and well-placed intelligence sources have told us that the cyber criminals involved are very concerned that the HSE attack is getting too much coverage heat on the criminals.
Irish news reports, including London’s Financial Times, refer to medical and personal information about Irish patients, stolen one week ago, are now being shared on the Dark Web. The Dark Web is only accessible using anonymised web browser called TOR.
The HSE files were offered by a group known as the Conti Locker Team. Yesterday, the Irish Government sought an injunction against any parties publishing these files online. It will be very interesting to see what unfolds as a result of this step.
The knock-on effect from the cyberattack has placed Irish hospitals in a perilous, paralysed position. Patients’ personal data, of which there were 27 files, including personal records of 12 individuals, is among the 700 gigabytes of data, including home address details and telephone numbers. They also include health staff employment contracts, payroll data and financial statements.
The sensitive medical records are the equivalent of sending a body part from a kidnap to their family, assuring them that they have the target and urgently demand a ransom. If a ransom is not forthcoming, other body parts will follow, or in this case, more data will be published on the Dark Web.
The Conti Locker Team have published this information to prove that they have it. It is a small selection of what they have, and in kidnapping terms, this is the equivalent of the finger in the post.
We have seen in recent times the Dark Web change dramatically and become more and more organised, with various criminal elements seeking to host chat forums as part of their desire to recruit more and more into their networks.
In the past few days, we have received many inquiries from clients and parties enquiring ‘what is the Dark Web? How do you access it and what might you find?’ We strongly recommend no one visits this area, as the Dark Web is a hotbed of nasty criminal activity. Everything you ever thought was possible is available at a price. Most items on the Dark Web have the potential to harm computer enterprises and anyone unknowingly wandering around can leave footprints for others to follow you back.
Among the things you can buy are credit cards, counterfeit money, child pornography, personal ids, top tips to hack software, drugs etc. Virtually all the material on the Dark Web is illegal.
A stark warning to all is that if the Government pays this ransom to this criminal gang, they will be funding further attacks.
Clearly, nobody has learned the lessons from the WannaCry attack several years ago, which came close to bringing down the health and local government services in the way this one has. We now have a situation where the Irish Government is telling people not to go to hospital unless it is a real emergency.
For these criminal minds, the worst thing that can happen is being nabbed by law enforcement agencies and many informed sources believe this has started already. Once again, hardened criminal forces are very annoyed at the level of coverage this Conti Locker Team is getting right now.