skip to main content

HSE cyber attack is devastating, but far from the first

The cyber attack on the HSE is by far the most devastating such assault to occur in Ireland.

But many businesses based in Ireland have been targeted by similar hacks in recent months and years, and a number of them have paid ransoms.

This is in absolute contrast to the Government's position of not paying any ransom to the Russia-based criminal gang responsible for this attack, which is known as "Wizard Spider".

Figures vary, but it is estimated that, in 2020 alone, somewhere between €350m and €1bn was paid to cyber criminals by companies hit by cyber attacks across the world.

Often, companies feel they have no option but to pay. They face going out of business if they don’t retrieve the data.

Sometimes, the hackers do honour their ransom demand and give encryption keys when ransoms are paid. But other times, having copied data, hackers come back for more money, threatening to leak the information publicly.

One of the biggest problems faced by Ireland’s National Cyber Security Centre (NCSC) and Gardaí at the Cyber Crime Unit is that many companies hit by cyber attacks simply don’t report it to Gardaí – or they delay the reporting of the crime until after a ransom has been paid.

What frustrates detectives and the NCSC is that having information as quickly as possible could help prevent the next attack.

There is a real problem to be tackled, because companies worry about negative publicity.

For publicly traded firms, they fear that word getting out that their computer systems were vulnerable to cyber attack could lead to a fall in their share price.

"You need to remember that every business that is hit by a cyber attack is a victim," security consultant Brian Honan told Prime Time.

"The HSE is a victim. Those responsible are criminals."

On the Conti website, which is hosted by a group responsible for the type of malware that has affected the HSE systems, the criminals describe their victims as "clients".

More than one gang could be responsible for the HSE cyber attack

On the site, which is only viewable when you use particular internet tools, you can see the names of companies in the UK, the US, Australia and beyond where all or some information has been published by Conti.

This, it would seem, is a threat to other companies: if payment is not made, then information will be leaked publicly.

For Russian investigative journalist Andrei Soldatov, there is no surprise that members of the Wizard Spider gang are believed to be Russian.

"Russia produces probably the biggest skilled community of hackers, and it’s going back decades," he told Prime Time.

"Once the Soviet Union collapsed, you had many people with technical and mathematical skills and a grudge against the West. It all started in the mid-90s."

Andrei said that, if the hackers are identified by Gardaí as being based in Russia, the only real hope is to ask for prosecutions in Russia.

"Everybody knows it is virtually impossible to extradite people from Russia if they are Russian citizens," he said.

"The only hope the Irish may have is to send information to Moscow and hope these people might be identified and sent to a Russian jail."

Security consultant Darren Martyn, who as a student broke into the computers of a number of organisations, said it’s important to remember that referring to the cyber hackers who have hit the HSE as one criminal gang is not entirely accurate.

"The gang currently doing the extorting mightn’t have been the guys that broke in in the first place," he said.

"They might have bought the access or contracted the break-in to another group. These people are opportunists who are looking for vulnerable entities in first-world countries."

Both Darren Martyn and Brian Honan agree that the Irish State needs to invest significantly more in terms of expertise and personnel to better protect itself from the next potential hack from people many thousands of miles from our shores.

Want to be part of the Upfront studio audience?