Deja Vu wha!
Ya wha? Again???
The news reported the Dept of Health was already hit, as was Tusla, or was it really another attack as suggested might happen and exactly how did this happen, what is actually going on?
A little recap on yesterday musings:
Are they planning more attacks?
We might assume the IT infrasturure, HSE, DOH, Tusla (and possibly others as a precaution), had been secured and taken offline since Friday, you know 3 days ago. Close everything down. Take stock. Compromise. Damage. Backups etc.etc. Remember?
Lets see, what else there is…
The Irish Times reports that the first signs of the attack emerged late last week but became more obvious on Saturday, when the Department’s systems closed as a precaution.
Ok so that’s Friday right? Last week means attacks on Friday yea?
So how was the Dept hit again on Saturday? I’m confused, let’s read some more:
In a statement, the Department of Health said it “can confirm that late last week it was subject to a ransomware attack similar to the attack on the HSE. Since Thursday we have been working to respond to this incident.
Deep breath… the opening article should read the following to be true:
The Department of Health is the
victim target of a cyberattack, similar to the one that struck the Health Service Executive on Friday and the one that hit the Department of Health Thursday.
Its time for a Timeline update:
Thursday 13th: DOH us under direct cyber attack hitting core IT servers. (Radio/Media silence).
Friday 14th: HSE core servers taken out, impossible to hide public facing service implosion. Media are told “ransomeware”
Saturday 15th: DOH are still up and running and face second direct hit.
Sunday 16th: Media report the 2nd cyber hit on the DOH revealing a deeper level of attack and broader timeline and run of events. Ransomeware narrative remains in place.
If anyone wants to correct or update any of this point please do.
More analysis in next post.