It is three months since the cyber attack on the HSE's IT systems which caused chaos for the health service whose staff were already dealing with a pandemic.
The ransomware crisis continues to intensify as criminal enterprises boost investment in highly profitable ransomware operations.
The Palo Alto Networks threat consulting team, Unit 42, has produced a mid-year update on average ransomware demand and payments.
The average ransomware demand increased by 518%, while the average payment climbed 82% since 2020 to a record $570,000 in the first half of 2021, as cybercriminals employed increasingly aggressive tactics to coerce organizations into paying larger ransoms.
A key factor is how gangs are getting more ruthless in their extortion tactics, what Palo Alto Networks call the rise of "quadruple extortion".
Ransomware operators now commonly use as many as four techniques for pressuring victims into paying:
- Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted
- Data Theft: Hackers release sensitive information if a ransom is not paid
- Denial of Service: Ransomware gangs launch denial of service attacks that shut down a victim's public websites.
- Harassment: Cybercriminals contact customers, business partners, employees and media to tell them the organisation was hacked
Paul Donegan, country manager Ireland, Palo Alto Networks said Ireland is being targeted by ransomware gangs and the experience of the HSE illustrates how disruptive an attack can be.
"Our latest research indicates the gangs like Conti are raising the stakes on their demands and the payouts that they can extract. Quadruple extortion tactics highlight how preventing ransomware attacks is a priority that Irish businesses and public institutions must embrace."
He said one of the most effective ways to protect cyber assets and infrastructure is adopting a zero trust architecture. "By operating a 'trust nothing and verify everything’ principle you can defend against attacks and limit the attacker's ability to move through the network and alerting on their activities as they attempt to do so."