Across the country today, IT managers and data protection officers must be taking sharp intakes of breath all round and thinking "there but for the grace of God go I."

The serious ransomware attack that has befallen the HSE and other health care facilities and services is a nightmare scenario for anyone involved in maintaining IT security in organisations.

Keeping out "bad actors" and their malicious software or "malware" is the bread-and-butter job of cybersecurity teams.

But it is an increasingly difficult task, as hackers become more inventive and the rapid growth in the adoption and use of technology gives them more ways in.

All too often, cyber criminals are one step ahead of the latest security techniques and in the HSE case, this once again appears to be the situation.

A previously unseen version of the existing "Conti" ransomware appears to have done the damage.

It was first detected in May of 2020 and according to anti-virus provider Sophos is similar to some other ransomware families.

But it has also "undergone rapid development since its discovery and is known for the speed at which it encrypts and deploys across a target system," Sophos said.

The original Conti is also human-operated ransomware, meaning that rather than spreading automatically like a worm, it is deployed and steered by the attackers once they are inside a network.

This may mean that it has been placed in locations that will make it harder for the HSE, hospitals and services to track down and remove.

It also points to the HSE having been targeted this time, making the attack different to the Wannacry ransomware in 2017.

On that occasion, pre-emptive action by the HSE as the worm-like WannaCry swept the globe indiscriminately led to a similar precautionary and disruptive shutdown of systems for several days to prevent infection.

This time round though, the HSE has acknowledged that Conti has managed to infect some systems.

Conti is also different because it is a "double-extortion" ransomware.

In other words, whereas traditional ransomware encrypts files on a computer or system and only unlocks them when a ransom is paid, Conti does this and also steals copies of the files first.

Consequently, the stolen data can then be used to extract an additional ransom, under threat of publishing it, from the organisation it was taken from or from the individuals it concerns.

"A year ago, a back-up system was seen as a reasonable security measure against these incidents - but the blackmail situations surrounding the threat to leak information is a completely different scenario and one that is extremely difficult to tackle," said Ronan Murphy, founder and CEO of Smarttech247.

The HSE says a ransom demand was displayed on the screens of the encrypted computers, but that it won't be paying it because of the message that would send out.

One would hope that the HSE is in a stronger position than most on this anyway, because it had systems in place to back up files, which hopefully have not themselves been encrypted or tampered with.

For many smaller organisations though, taking a moral stance like this is not an option and instead they feel their only choice is to pay up.

Doing so can be a costly business indeed.

Paul Donegan, Palo Alto Networks country manager for Ireland, said the average cyber ransom paid in 2020 at $312,493 was more than double the figure for a year earlier.

"So far in 2021, the average payment has nearly tripled compared to the previous year – to about $850,000," he said.

"The highest demand we’ve seen in the last four months was $50 million up from $30 million for all of 2020."

What’s also still unclear is the method or "vector" used to get the ransomware into the HSE and hospital system.

It may be that an unknown technical vulnerability in the systems of the organisations concerned was identified by the criminals and then exploited.

Yesterday, some less sophisticated Distributed Denial of Service (DDoS) attacks took place against the HSE.

These involve servers being bombarded with internet traffic; in hindsight they might have been a decoy to draw attention away from the ransomware, or an attempt by the hackers to find a way in.

But increasingly cybercriminals use a technique known as "social engineering": they target specific individuals in an organisation and, using familiar content, names or contact details, trick them into opening infected attachments or clicking links to websites where the malware is waiting.
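The "familiar names and contact details" trick is detectable, because the familiarity is borrowed rather than real. The script below is an added illustration, not code from the article or from any vendor quoted in it: it checks a message for a recognised display name attached to the wrong address, a look-alike sender domain a couple of keystrokes away from the organisation's own, and risky attachment types arriving from outside. The organisation domain (`example-health.ie`), the contact list and the sample messages are all constructed for the example.

```python
"""Flag e-mails that borrow a familiar name or domain to deliver a lure.
Added illustration; organisation domain, contacts and messages are invented."""

from dataclasses import dataclass

ORG_DOMAIN = "example-health.ie"  # assumed organisation domain

# Display names staff would recognise, mapped to the real address behind them.
KNOWN_CONTACTS = {
    "IT Service Desk": "servicedesk@example-health.ie",
    "Mary Byrne": "mary.byrne@example-health.ie",
}

# Attachment types that commonly carry a first-stage loader.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".iso", ".lnk"}


@dataclass
class Message:
    display_name: str
    address: str
    attachments: list
    subject: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch look-alike domains such as examp1e-health.ie."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def phishing_indicators(msg: Message) -> list:
    """Return the reasons a message looks like a social-engineering lure (empty if none)."""
    reasons = []
    domain = sender_domain(msg.address)
    internal = domain == ORG_DOMAIN

    # 1. A familiar display name attached to an address that is not the real one.
    real = KNOWN_CONTACTS.get(msg.display_name)
    if real and msg.address.lower() != real:
        reasons.append(f"display name '{msg.display_name}' but address {msg.address}")

    # 2. Look-alike domain: close to ours but not ours (typo-squat or homoglyph).
    if not internal and 0 < levenshtein(domain, ORG_DOMAIN) <= 2:
        reasons.append(f"look-alike domain {domain}")

    # 3. Risky attachment types arriving from outside the organisation.
    for name in msg.attachments:
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS and not internal:
            reasons.append(f"external risky attachment {name}")

    return reasons


# Constructed sample traffic: one genuine internal mail and two lures.
SAMPLE_MESSAGES = [
    Message("Mary Byrne", "mary.byrne@example-health.ie", ["rota.pdf"], "Rota for next week"),
    Message("IT Service Desk", "servicedesk@examp1e-health.ie",
            ["Invoice_2291.docm"], "Action required: password expiry"),
    Message("Mary Byrne", "mary.byrne@gmail.com", [], "Quick favour"),
]


def triage(messages):
    """Map each subject to its list of indicators, for a quick review queue."""
    return {m.subject: phishing_indicators(m) for m in messages}


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_MESSAGES).items():
        print(f"{subject!r}: {reasons or 'clean'}")
```

The genuine rota mail produces no indicators; the "password expiry" lure trips all three checks, and the Gmail message trips only the display-name check, which is exactly the case a name-based filter alone would miss.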

The fact that so many people are working from home makes it harder for IT administrators to prevent this type of trickery from taking place.

A zero-trust policy is really the only way to guard against this type of situation occurring, experts say.

"The driving principle of Zero Trust is 'trust nothing and verify everything'," said Paul Donegan from Palo Alto Networks.

"It helps those that implement it to defend against all known attack vectors, including malicious insider and phishing attacks, by restricting the attacker's ability to move through the network and alerting on their activities as they attempt to do so."
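What "trust nothing and verify everything" and "restricting the attacker's ability to move through the network and alerting on their activities" amount to in practice can be shown with a small policy engine. The block below is an added illustration, not code from the article or from Palo Alto Networks: every connection is denied unless an explicit rule between two named segments permits it, and a host that is refused to several distinct destinations inside a short window is flagged as probable lateral movement. The host inventory, segment policy and log lines are all constructed for the example.

```python
"""Default-deny segment policy plus lateral-movement alerting over a constructed log.
Added illustration; hosts, segments, rules and log lines are invented."""

from collections import defaultdict
from datetime import datetime, timedelta

# Which segment each host belongs to (assumed inventory).
SEGMENTS = {
    "ws-nurse-01": "clinical-workstations",
    "ws-admin-07": "admin-workstations",
    "pacs-01": "imaging",
    "ehr-db-01": "clinical-data",
    "bk-01": "backup",
    "dc-01": "identity",
}

# The allow list. Anything not listed here is refused, including
# workstation-to-workstation traffic and any host not in the inventory.
ALLOW = {
    ("clinical-workstations", "clinical-data", 443),
    ("clinical-workstations", "imaging", 443),
    ("clinical-workstations", "identity", 389),
    ("admin-workstations", "identity", 389),
    ("backup", "clinical-data", 5432),
}


def is_allowed(src: str, dst: str, port: int) -> bool:
    """Zero-trust check: nothing passes unless an explicit rule permits it."""
    return (SEGMENTS.get(src), SEGMENTS.get(dst), port) in ALLOW


def parse(line: str):
    """Log format assumed here: '<iso timestamp> <src host> <dst host> <dst port>'."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def evaluate(lines, fanout_threshold: int = 3, window: timedelta = timedelta(minutes=5)):
    """Return (denied attempts, hosts flagged for fan-out).

    Every refused connection is recorded. A source refused to at least
    `fanout_threshold` distinct destinations within `window` is flagged:
    one blocked connection is noise, a spray across segments is an operator
    looking for a way to move."""
    denied = []
    history = defaultdict(list)  # src -> [(timestamp, dst)]
    flagged = set()
    for line in lines:
        ts, src, dst, port = parse(line)
        if is_allowed(src, dst, port):
            continue
        denied.append((src, dst, port))
        history[src].append((ts, dst))
        recent_targets = {d for t, d in history[src] if ts - t <= window}
        if len(recent_targets) >= fanout_threshold:
            flagged.add(src)
    return denied, flagged


# Constructed log: normal clinical traffic, then an admin workstation
# probing SMB and RDP across segments it has no business reaching.
SAMPLE_LOG = [
    "2021-05-14T01:02:10 ws-nurse-01 ehr-db-01 443",
    "2021-05-14T01:02:15 ws-admin-07 dc-01 389",
    "2021-05-14T01:03:00 ws-admin-07 ws-nurse-01 445",
    "2021-05-14T01:03:20 ws-admin-07 pacs-01 445",
    "2021-05-14T01:03:40 ws-admin-07 bk-01 445",
    "2021-05-14T01:04:00 ws-admin-07 ehr-db-01 3389",
    "2021-05-14T01:30:00 ws-nurse-01 pacs-01 443",
]


if __name__ == "__main__":
    denied, flagged = evaluate(SAMPLE_LOG)
    for src, dst, port in denied:
        print(f"DENY {src} -> {dst}:{port}")
    for host in sorted(flagged):
        print(f"ALERT probable lateral movement from {host}")
```

Two points worth noticing: the backup segment is reachable only from the backup host on its own port, so an attacker on a workstation cannot even address it, which is what keeps the backups out of the blast radius; and the alert fires on the third refusal, before the attempt against the EHR database, so the operations team hears about the spray while it is still a spray.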

Resolving the situation won’t be easy or quick.

Experts think that despite the disruption it has caused, the HSE has taken the correct initial approach in rapidly shutting down its systems to prevent the further spread of the ransomware.

Opening it back up though will take longer, with every sub-system and in some cases individual machines having to be checked one at a time.

Only then can those networks be booted back up again, with the final step being their connection to each other.

In the meantime, hundreds if not thousands of appointments will be cancelled, test results stalled, diagnoses and treatments delayed and widespread disruption caused to an already under-pressure health system.

One can only imagine what impact it might have had if this attack had taken place in January at the height of the current wave of the pandemic.

It all raises the question, who would do something like this?

The answer, most likely (though we don’t yet know and possibly never will), is international cybercriminal gangs who prey on large organisations, especially those where reliability of service is literally a matter of life or death.

According to Sophos, 34% of healthcare organisations say they were hit by ransomware in the last 12 months, and one in three paid a ransom.

Of those that escaped a direct hit, 41% say it is only a matter of time before they’re a target, mainly because ransomware attacks are becoming too sophisticated to stop.

Which goes to underline just how vulnerable organisations and individuals are.

A timely warning to us all.