Cyberattack - HSE Locked Down & Held To Ransom


#1

If the reports that the HSE has been hit with ransomware are correct, then reporting in the bought-and-paid-for media will be official line narrative only, so the following could also be occurring but unreported:

  1. All the HSE data may be fully compromised and stolen, thus no guarantee it will not leak further.
  2. Negotiations may be ongoing with taxpayer money on the table.
  3. Money handed over does not guarantee adequate or any success to restore.

Basically, assuming the worst-case scenario, HSE is facing a full data breach, a full data leak (all health records, details etc. etc. gone and/or leaked) with no guarantee to get it back or up and running exactly as before, maybe ever - feel free to add to the list.


#2

Are they priming for the finance sector? Remember Ulster Bank. :exploding_head:


#3

Dr Evil Klaus Schwab warned about this recently he actually called it a “cyber plandemic” nah I’m not making this up. I don’t think we are down the rabbit hole any more Toto.


#4

It could always be a white hat or someone in the employ of some patriots. An atom bomb of truth like that would be one way out of this disaster.


#5

Ireland is a guinea pig for many things. This is probably one more of those things. How far can the conditions be pushed. How many more vectors of attack until the population cracks or notices.

What’s the current attack level Code Brown?


#6

How can they even know who it is ffs. It’s a strategic assault on the health system with the greater context. Is it the Joker?

The rules of war have been inverted. Civilians and civilian targets are seen as fair game.

Maybe it’s all part of the deal they struck last year when agreeing the terms of the virus LARP.

Minister of State for Communications Ossian Smyth said the cyberattack was not espionage but was led by an international criminal gang looking for money.

He described it as “possibly the most significant cybercrime attack on the Irish State.”

What we know so far

  • The attack began at around 4.30am on Friday and health service IT staff switched off all systems as a precaution
  • Cancellations and disruptions to services at hospitals are likely until the issues are resolved. It is not yet clear how long this will take but Leo Varadkar said problems could last until next week
  • Most appointments are going ahead but X-rays are severely disrupted. The health service is regularly updating this webpage with any changes
  • Covid-19 test results may face delays – the HSE is urging anyone waiting for a result to continue to self-isolate
  • Covid vaccination appointments are running as planned
  • Emergency departments remain open and ambulance services are continuing as normal

Mr Smyth told RTÉ’s News at One that the attack had been an attempt to lock the HSE out of its own system, to steal the data and then try to ransom it back.

“This is a human-driven attack using an exploit that was previously unknown. They managed to compromise the system early this morning,” he said.

So not a test drive for some state actor level AI military level capability yea?

Probably been in there for a long time too.

Who is head of cyber defenses?


#7

Thank your lucky Stars according to RTE :partying_face: :dipso:

Updated • 3 minutes ago

Live Vaccine roll-out unaffected by ransomware incident

Progressive ransomware arch-cyber criminals who really care.


#8

More of this language, from an earlier report:

Mr Reid said the attack was “significant” and was not “a standard attack”. He added it was a “human operated” attack attempting to access data and seeking a ransom, but he later clarified that no ransom had yet been sought.

HSE chief Paul Reid said the attack was largely affecting information stored on central servers, not hospital equipment, and that emergency services continued to operate.

Hasn’t a clue. They haven’t a clue what is going on or has gone on.

How long has the patient got Doc?

Do you believe them?


#9

Super-Squeaky Bum Time

Bit more detail here from Will Goodbody, very much counter to the less detailed, less revealing statements from HSE heads and politicians.

A previously unknown or “zero-day” version of the existing “Conti” ransomware appears to have done the damage.

It was first detected in May of 2020 and according to anti-virus provider Sophos is similar to some other ransomware families.

But it has also “undergone rapid development since its discovery and is known for the speed at which it encrypts and deploys across a target system,” Sophos said.

The original Conti is also a human-operated virus, meaning that rather than automatically worming its way into a system, it can be manipulated by humans.

This may mean that it has been placed in locations that will make it harder for the HSE, hospitals and services to track down and remove.

It also points to the HSE having been targeted this time, making the attack different to the Wannacry ransomware in 2017.

On that occasion, pre-emptive action by the HSE as the virus randomly swept the globe led to a similar precautionary and disruptive shutdown of systems for several days to prevent infection.

This time round though, the HSE has acknowledged that Conti has managed to infect some systems.

Conti is also different because it is a “double-extortion” ransomware.

In other words, whereas traditional ransomware encrypts files on a computer or system and only unlocks them when a ransom is paid, Conti can also do this and steal them.

Consequently, the data can then also be used to extract an additional ransom from the subject, or the organisation from where it was taken.

Screwed so… probably have everything and may be stolen and possibly gone as I suspected in earlier posts. Probably in the system for ages undetected.

There we have it, WFH might come back to bite the hand that fed it. Maybe.

The Provid Regime primary asset, the HSE used to enforcing sweeping medical tyranny on the nation is itself now locked down and out, held to ransom - my how the worm turns.

You could imagine the potential for a nphetgate or healthgate here is starting to dawn on some, where a whole bunch of emails become available to the world somewhere, wikileaks style, a lot, very many, really the greatest amount of emails with some really unfortunate things. :ninja:


#10

Oh please please please pretty please…


#11

On the flip side, it’s a great way to remove damning evidence.

The HSE has been 9/11’d. Watch the fallout that will clarify what is actually going on and where the power play moves to next to get an idea of the level of theatre versus reality.

Perhaps we will see an attempt to establish even more centralised power and draconian internet measures to be applied to your daily cyberspace, done reluctantly of course, for your own safety.


#12

No clear indications that other IT infrastructures are not compromised.

Looking more like they don’t know what has actually happened and it’s talk of “damage” with the Dept of Health IT involved. A direct hit! :ninja:

Extra super squeaky bum time - Code: Dark Brown.


#13

If it’s Conti as per link below and they went baloobas, they’re super screwed.

Did they delete the backups? If they did, they might not have any offline backups? :crazy_face:

Are they watching the panic remotely? :crazy_face:

Are they planning more attacks? :crazy_face:

This confirms they have probably been in there for some time. Who knows maybe a whole-of-provid hack attack is underway and then where else eh. Power. Water. Banks etc etc.


#14

No case figures to be released for now. So the pandemic is having an intermission. Maybe for good.

The HSE is working to determine the extent to which patients’ medical records may have been compromised as part of the cyberattack on the health service’s IT systems.

HSE chief executive Paul Reid said they are examining “what level of data may have been compromised”, according to The Irish Times.

Compromised. All records could be stolen but maybe the real real story is Tusla, the jewel in the crown. Not much talk about Tusla, the self policing deep state within a state. All those children’s records.

Cyberattacks such as this one generally involve a “double extortion” attempt, withholding the hacked data while also threatening to release it widely. However, Mr Reid said the HSE was confident back-up data would allow them to rebuild the systems.

Not sure.

Mr Reid added work is ongoing to bring the IT systems back online “in a safe manner one by one” following their precautionary shut down on Friday.

Safe. Magical and safe.


#15

Dept of Health too apparently…


#16

I’m sure this hasn’t helped


#17

Deja Vu wha!

Ya wha? Again???

The news reported the Dept of Health was already hit, as was Tusla, or was it really another attack as suggested might happen and exactly how did this happen, what is actually going on?

A little recap on yesterday’s musings:

Are they planning more attacks? :crazy_face:

We might assume the IT infrastructure, HSE, DOH, Tusla (and possibly others as a precaution), had been secured and taken offline since Friday, you know, 3 days ago. Close everything down. Take stock. Compromise. Damage. Backups etc. etc. Remember?

Let’s see what else there is…

The Irish Times reports that the first signs of the attack emerged late last week but became more obvious on Saturday, when the Department’s systems closed as a precaution.

Ok so that’s Friday right? Last week means attacks on Friday yea?

Yea ok.

So how was the Dept hit again on Saturday? I’m confused, let’s read some more:

In a statement, the Department of Health said it “can confirm that late last week it was subject to a ransomware attack similar to the attack on the HSE. Since Thursday we have been working to respond to this incident.”

:icon_eek: Deep breath… the opening article should read the following to be true:

The Department of Health is the victim target of a cyberattack, similar to the one that struck the Health Service Executive on Friday and the one that hit the Department of Health Thursday.

It’s time for a Timeline update:

:icon_eek: Thursday 13th: DOH is under direct cyber attack hitting core IT servers. (Radio/Media silence).

:icon_eek: Friday 14th: HSE core servers taken out, impossible to hide public facing service implosion. Media are told “ransomware”.

:icon_eek: Saturday 15th: DOH are still up and running and face second direct hit.

:icon_eek: Sunday 16th: Media report the 2nd cyber hit on the DOH revealing a deeper level of attack and broader timeline and run of events. Ransomware narrative remains in place.

PREPARE


If anyone wants to correct or update any of these points please do.

More analysis in next post.


#18

Victim Of Humans

Theatre. Narrative building. Victim. Implication Crime. Held to Ransom. Attack. Theft. Damage.

Yea? Hmmm… :thinking:

A phrase that was bugging me, in the reporting, so forced, so contrived, so weird the repetition, some examples:

RTE’s Will Goodbody wrote, “The original Conti is also a human-operated virus,”

Ossian Smyth (Min. State. Communications) quoted as saying - “This is a human-driven attack using an exploit that was previously unknown. They managed to compromise the system early this morning,” he said.

Paul Reid was also quoted, here from BBC - “Earlier, HSE chief executive Paul Reid told RTÉ’s Morning Ireland it is working to contain a sophisticated human-operated ransomware attack on its IT systems.”

This is reading from a script, the Sophos script!

Do your own comparison, but this on-point info is a link to a specific line as follows:

Conti ransomware is operated by humans.

Src: https://news.sophos.com/en-us/2021/02/16/what-to-expect-when-youve-been-hit-with-conti-ransomware/

If you read the whole document, you will very quickly see most of the reporting and quotes are lifted directly from, or sculpted to conform very closely to, the Sophos Conti Ransomware exposé.

Add to this the revelation they have been under detected attack since at least Thursday, but when the HSE was hit and they could no longer hide it, they pivoted to the Conti Ransomware script as a plausible cover to explain the attack, but why?


#19

The experimental gene therapy contracts. How sensitive you say. Seen they have been.

Pop fn Corn.


#20

Well given that you have to go to great extremes to stop Win10 machines from sending all your data to Microsoft that is probably a good thing. Win10 is basically just a tarted up Win7 with a huge amount of spyware added. It takes a huge effort to turn off all the spyware in Win10 so you should just assume that everything on a Win10 machine is completely accessible to Microsoft. Everything. You no longer have private data. Unless the person doing the install really knows what they are doing. And you have an external hardware firewall blocking all MS access. And even then Win10 will have problems working. By design.

So I will keep running Win7 for the foreseeable future. The only recent complication is having to create a custom install image for new machines. With USB drivers. No big deal really.