Cyberattack - HSE Locked Down & Held To Ransom



The Russians

Have entered the narrative… :icon_cool:

The most likely location for ransomware gangs was North Korea, China, or Russia, with Russia thought to be the likely location for the gang in the HSE attack, he said.

This article slipped behind the paywall but you can read it here in full.


Throwing everything at it yea, like the end is is sight.

Nationa Cyber Security Centre has,

No Office :white_check_mark:
No Director. :white_check_mark:

It’s like a phantom headless server or something.

He said the NCSC was “supposed to be kicking ass when it comes to all the other Government departments so you’d expect someone to have the appropriate status so they can interact with secretaries general across the Government service”.

But whoever was appointed would only be the equivalent of a principal officer level. “They’d be laughed out of the room which is one of the reasons why the cyber security centre isn’t being taken seriously,” Dr Berry told The Irish Times.


The Daily Sophostry

Day 5 of the Cyberwar

As outlined previously with the news cycle currently deprived of Attack Of The Virus cases & deaths data looks set to run with dedicate a day to a bullet point to control and dominate the news cycle, lifted straight form the Sophos News Conti Ransomeware piece.

Here is a quick summary of the headline point int eh document if you have not already read the entire thing, you might already recognise various go to talking point or on-point info used:

What to do immediately: contain and neutralize

The first thing you need to do is determine whether the attack is still underway.

Second, you need to assess the damage

Last, but definitely not least: you’ll want to talk to people about what’s happening, but the attackers may be eavesdropping so don’t use your normal channels of communication .

What to do next: investigate

1. The attackers have most likely been on your network for a few days or even weeks.

2. The attackers could use a variety of different methods to break in your network.

3. They will have secured access to domain admin accounts as well as other user accounts.

4. They will have scanned your network . They know how many servers and endpoints you have and where you keep your backups, business-critical data and applications.

5. The attackers are likely to have downloaded and installed backdoors that allow them to come and go on your network and install additional tools.

6. In addition to the encryption of data and disruption to software and operations, Conti operators will try to exfiltrate hundreds of gigabytes of corporate data prior to the main ransomware event.

7. They will have tried to encrypt, delete, reset or uninstall your backups .

8. The attackers will have tried to identify what security solution is used on the network and whether they can disable it .

9. The most visible part of the attack – the release of ransomware – probably took place when no IT admins or security professionals were online

10. The ransomware will have been deployed to all your endpoints and any servers that were online at the time of attack – providing that is what the attacker wanted.

11. The launch of the ransomware is not the end.

12. The time spent in your network will likely have allowed the attackers to steal business critical, sensitive and confidential information that they now threaten to publicly expose .

Monday May 17th Media Sophistry:

Looks to match Point 6

6. In addition to the encryption of data and disruption to software and operations, Conti operators will try to exfiltrate hundreds of gigabytes of corporate data prior to the main ransomware event.

Targets are threatened with the risk of their data being published on a so-called “leak site” for anybody to download, unless they pay the ransom. Some of the more valuable data is often sold to other attackers to use in further attacks.

Once a file server is identified, attackers often use a tool called “Everything” that enables very fast file searching for keywords, for example “account,” “confidential,” “Social Security number.” After they identify the data, there are numerous methods the attackers can use to steal it.

For example, they could simply login to an online email service and email it somewhere or use a cloud storage provider like DropBox. Alternatively, they could install an FTP Client like FileZilla or Total Commander FTP and upload the data to their server.

Some of the largest exfiltrations are done in a more automated way. For example, they might use a tool like RClone. This is a command line tool that connects to a wide variety of cloud storage providers. A commonly used one is MEGA as it offers extra levels of anonymity that attackers like. A few simple commands to RClone are all attackers need to exfiltrate entire directories to MEGA.


From the boys and girls foaming at the mouth love who want to stick experiemtnal synthetic genetic goo into your veins and the bodies of your children and babies.

Minister says new director of National Cyber Security Centre will have higher salary

Mr Smyth was responding to criticism by Independent TD and former member of the Army Ranger Wing Cathal Berry that the position – which has been vacant for a year – could not be filled because the salary was low and was equivalent to a principal officer.

Mr Berry was also critical of the fact that the NCSC does not have a permanent premises and therefore had no way of customising it to their specifications.

:horse: :door::nut_and_bolt:


Dec, 2020

Enjoying the show? :tv:

Ireland’s hospitals risk being hit by the same deadly cyber-attacks hitting hospitals in other countries, a leading American cybersecurity expert has warned.

One such attack in September was being blamed for contributing to the death of a pensioner needing emergency care for an aneurysm in Düsseldorf, Germany.

She had to be diverted to another city because a ransomware attack at the hospital in Düsseldorf caused too much disruption to its IT systems for her to be treated there.

You’re welcome.


Preliminary data shows the injectable genetic goo has complete immunity from all cybernetic attacks and takedowns.

It’s like magical. Unstoppable. Miraculous even. Perhaps, now I know, yes I know it’s experimental but run with me here. Let’s get the army corps to courier some vials over to the data/server locations, and start administering the first shot directly onto the CPU die, then the the second dose directly to the Ethernet ports, spacing these out by approx 21/28 hours after the first dose.

Before anyone tries to claim HCQ or Ivermectin would work like the batshit crazy conspiracy theorist they are, think about your actions and all the grannies you have killed by simply having such hate-thoughts. Seriously. Get a life.


It’s fair to say this cyber attack is a bit of a setback for the “Vaccine Passport” agenda. So from a civil liberties perspective the attack is…actually a defence


Not much mention since of the massive data compromise, hack and takedown of the secret deep state within a state Tusla.

Funny how it’s just HSE. Man it’s like the HSE is WTC 1 & 2, most forget the pentagon and Flight 97/Hole in the ground, second attack on the HSE on Saturday is like Building 7, Tusla being the SEC filingsivestigation files. I’m waiting to find out who is making off with the truck of gold, well if the analogy fits… :whistle:

Over on political irish someone thinks it’s a direct hit by The Alliance. So there that angle too. Provid being cyber-soleimani’d? :ninja:


True - even today a friend was saying how much information they had to give to register for the vaccine (I am hoping she won’t attend as she’s been hesitant from the start…) and do the hackers now have all that information.
DOB, mothers maiden name, PPS, e-mail etc. apparently a lot of information was required!


360 new cases of Covid-19 confirmed (

In a post on Twitter, it also confirmed that daily case numbers may change due to future data validation.

The number of people who have died with the disease has not been published since the HSE and the Department of Health were subjected to a cyber attack last Friday.

The number of people with coronavirus in ICU is 42, unchanged since yesterday. There are 110 Covid patients in hospital.




Really looking like the Provid Regimes Cyber Pearl harbour.

As expected, it’s gettin’ badder and badder, with the reporting easing people into the reality.

Once the 2000 sever number was out of the bag, if even virtual. It did not look good. Ok, let’s say you bring back online 10 servers a day “safely”, why that’s 200 days… let’s up that to 50 server online a day, still 40 days.

It’s been obvious from the start this is going to go on for weeks and weeks and they’re breaking that relaity now slowly to the public, but the initial spin was “disruption” and cyber crime attack, HSE, victim.

If this really was a ransomeware, why are they trying to battle it out without paying? Pay up, decrypted all the machine and they are back online in a day or so. Ransomware still looks like a cover. Otherwise are they trying to do the impossible or very frictions? This is why a ransomeware attack of this magnitude is so debilitating and why target pay up.

See now, the language is changing to attack on the state, drip drip drip

Criminal gangs don’t usually hold a State to ransom ya know. Think about it.

Not seeing info on what happened to the Deep State Tusla data.


What level is the health service functionally available would anyone like to wager, 3rd world, 2.5 world, 2nd world or unknown world?


Chief Bilderberger of Ireland moves more toward a WAR framing n Sunday:

Speaking on RTÉ’s This Week, Mr Coveney described how the HSE has “effectively set up a war room” to deal with the issue, supported by a number of Government departments and groups including Interpol.

“The truth is what has happened right across our HSE healthcare system is malware has been inserted across the network. It is going to take some time to clean that data piece by piece and protect as much of the data as possible,” Mr Coveney said.

A little off script here Simon, but we won’t split hairs, could be screw up in the, ransomeware is a type of malware.

"We have a lot of smart people in both the public and private sector working with a Government team to try best protect private information that is being hacked effectively.

Mr Coveney said he does not believe those tackling and investigating the attack are speaking to the criminals, but they are talking to many people who are used to speaking with criminals in these type of situations, to make sure we protect citizens and the State as best possible.


Well that seems pretty smart.


Some more reporting from RTE Sunday.

The HSE said this morning it is unaware of any of the detail of any ransom request for the restoration of its systems.

Yet it was reported 3 days previously that Michaél Martin would not be paying any bitcoin ransom. Did he presume that was the request or did he know that from reading the sophos script, and then did he say his lines out of sync?

It confirmed a message was left on its systems confirming the ransomware attack with a link to click for more information which would lead into a chat on the darknet.

If no one clicked the link 't click it how do you know unless you are using the sophos script as a guide? :thinking:

Let’s recap:

Michael Martin knew they wanted Bitcon on Friday 14th of May. The HSE on Sunday 16th of May via RTE reporting indicated they had no knowledge of any ransom request but claimed a message on the system confirmed a ransomware attack that would most certainly take them to a place called the darknet for a chat, which seem to cross verify what Simon Covney confirms, is that the really smart people dealing with sorting this out are not talking to the hackers at all, only talking to people who have past experience talking to criminals in these types of situations.


DAY 7 - Cyber Attack

They’ve really been working hard framing this as an attack on individual patients n the media for a number of days, almost like it was a personal targeting of each and every persona on the island - as if any hackers give a fiddlers about the pennys & cents, it’s the gross effect that should catch the attention of the guardians of the “common good” and bend their will and submit to the mysterious demands.

If there really are hackers and ransomware in play, then they’ve done a super service to the Irish people by assuming the Provid Regime actually care about the people and allowing the spectacle to stand front and centre for all too see.

HSE patients’ stolen data appears online, according to reports

Medical and personal information about Irish patients is being shared online, according to media reports.

The Financial Times claims it has seen screenshots and files confirming that personal data has been leaked online, following the cyberattack by hackers on the HSE.

The records reportedly include internal health files, minutes of meetings, equipment purchase details and correspondence with patients.

Minister for Communications Eamon Ryan could not confirm the FT report but said it appeared “very credible”.

I’m sure the Provid’s are feeling very nostalgic for daily Cases & Death headlines. Very nostalgic.

Reported Provid Regime Losses:

Dept. Of Health.


New Zealand Hit

Different spin from RTE , Ryan Regrets, but he tells us NZ are hit so like it’s not jsut us who is totally crap at shit blah blah…

All of the DHB’s IT systems and phone lines are down, but it has insisted it will not be paying any ransom to the hackers behind the attack.

Kevin Snee, Chief of the Waikato DHB, said he did not know who was behind the apparent ransomware attack or if it was connected in any way to the attack on the HSE.

So that’s 2 Menace Deep State NWO Island Colonies getting hammered in cyberspace. Fascinating. Truly.

This might explain the drops in crypto, as deep state panic, the dash for cash and means. Imagine for once, not the people but the Squid is caught Bank running. Now wouldn’t that be gas all the same, am I dreaming’, maybe it’s just pesky hackers pretending to be takin’ down the Menace afterall. :sleeping:



Good luck with that.

The health system has a budget of €203m a year for IT, he said, and the Government was aware of the need for investment and beefing up of cyber security resources.

Labour Party leader Alan Kelly, meanwhile, has told the Dáil that local a GP contacted him to say that a patient of his was contacted by a medical organisation outside the State regarding a procedure he needed.

During Leaders Questions, Mr Kelly said that the medical organisation had his medical history and knew exactly what he required, medically.

Mr Kelly said that the family and GP of the patient contacted gardaí.

He said that if this was happening at scale, “we have a big problem”.

Taoiseach Micheál Martin said that people should contact gardaí if issues like this arise, adding that An Garda Síochána have a dedicated cyber team to deal with such issues.

If the ransomware is a front i.e. cover story for a State actor level attack. Then there can be no ransom to pay to anyone. That is why they will not pay anything. It is relation for something serious. What is it that is so serious? Hmmm… :thinking:

If they paid a ransom. Instead of ignoring it and not talking to anyone. Then potentially would honour it and return the keys with nary a scratch to the paint work.

What and which exactly is actually the very thing that is going on?


What is Worse Than a Hacker?

If this really is a ransomware hit. Then the Provid Regime have admitted they are as bad as the hackers, or possibly worse.

Then the Provids could have paid a ransom and gaunarteed the data. If they choose not too. Then they knew the outcomes. Which is clearly demonstrated and been have very clearly explained via the media over the last 7 days.

The government have made it clear. Abundantly clear. Exactly what would happen because they had chosen not to deal with any hackers and choose a very specific path with real known outcomes.

The scenario that the Provid choose, as clearly communicated thus far equates to a potentially maximum WCS outcome could be summarised thus:

  1. All Data is lost. No backups. Backups destroyed. Provd No access.
  2. All Data has been copied off site and in the hand of Other/criminal parties have access.

If you feel this is not a fair assessment of the Provid regimes game plan actions and thus handling to date please counter, but this looks like snatching defeat form the jaws of victory in motion. No? :man_shrugging:


it is always intersting to compare the headline of the New Zealand cyberattack as reported in the MSM, very specifically NZ appear to be taking the identical stance of not paying and the headlines look identical to much of the reporting here. Fascinating. :thinking:

Cyber attack similar to HSE breach cripples New Zealand district’s health system|21 hours ago

Waikato District Health Board (DHB) has been brought to its knees by a cyberattack similar to the one that has crippled the HSE’s IT system in the last day.

Cyber attack impacts New Zealand’s health system

rnz|58 minutes ago

The cyber attack on the Waikato District Health Board’s IT system has put New Zealand’s entire public health system on high alert. The Associate Minister of Health Ayesha Verrall says most of Waikato DHB’s IT services are expected to remain offline for at least another 48 hours.

New Zealand health service hit by cyber attack

IT Pro|3 hours ago

A cyber attack hit part of New Zealand’s health service this week, and now hackers who claim to be behind the attack have made contact with health officials. The attack brought down the Waikato District Health Board’s (DHB) complete IT network on Tuesday which resulted in some appointments being cancelled.

Waikato DHB cyber attack a matter of when, not if - experts

Newshub on|18 hours ago

Experts say it’s not surprising cyber attackers have targeted New Zealand’s health system, saying there has been a lack of investment in security over the past few decades. And a recent payout to hackers in the US who crippled an oil pipeline company might have emboldened them.

New Zealand Hospital System Limited to Caring for Urgent Patients After Ransomware Attack

Newsweek on|1 day ago

While some hospital officials were told it was a ransomware attack, the country’s Ministry of Health described it as an “attempted cyber incident.”

Hackers claiming to be behind cyber attack that brought down Waikato DHB network have made contact with health officials

Newstalk ZB|5 hours ago

Hackers claiming to be behind a cyber-attack that led to surgeries being postponed at Waikato public hospitals this week have made contact with health offi

New Zealand Health Board hit by cyber security incident

Digital Health|4 hours ago

A health board in New Zealand confirmed on May 18 that it has been hit by a cyber security incident which has affected five hospitals.

Waikato DHB cyber attack ‘hackers’ make contact with health bosses

The New Zealand Herald|6 hours ago

Hackers claiming to be behind a cyber attack that led to surgeries being postponed at Waikato public hospitals this week have made contact with health officials. Tuesday’s attack brought the Waikato District Health Board’s entire IT network down,

Waikato DHB cyber attack began with email attachment - chief executive

MSN|13 hours ago

Services at hospitals across the Waikato continue to be disrupted after Tuesday’s cyber attack.On Tuesday morning, Waikato District Health Board (DHB) reported a “full outage” of its phone and computer systems,

Cyber attack on Waikato DHB’s IT system won’t be fixed until the weekend

The New Zealand Herald|18 hours ago

Waikato DHB’s entire IT service was sent into disarray yesterday morning leaving the health service along with other government and external experts scrambling to get its IT system back online. A Waikato DHB spokesperson told the Herald they hoped to have everything up and running by the weekend.

Waikato doctors go old school while teams face ‘demanding’ task of recovering IT systems following cyber attack|10 hours ago

Medics resort to writing patients names on white boards while they wait for cyber teams to bring hospital systems back up.

Cyber attack: Government not considering making payment of cyber attack ransom an offence - minister|1 day ago

Justice Minister Kris Faafoi says he is not considering making His comments came after a “cyber security incident” crippled Waikato District Health Board hospitals on Tuesday. In a statement about midday,

Ransomware hits AXA units in Asia, New Zealand health care

The Globe and Mail|1 day ago

The Thai affiliate of Paris-based insurance company AXA said Tuesday it is investigating a ransomware attack by Russian-speaking cybercriminals that has affected operations in Thailand, Malaysia, Hong Kong and the Philippines.

Telehealth expert on Waikato DHB cyber attack

rnz|14 hours ago

All of the Waikato DHB’s internal IT systems including computers, phones and pagers have now been unoperational for more than 24 hours, leaving some patients awaiting surgery unsure when they’ll get it,

Ransomware hits AXA units in Asia, New Zealand public health provider

Japan Today|1 day ago

The Thai affiliate of Paris-based insurance company AXA said Tuesday it is investigating a ransomware attack by Russian-speaking cybercriminals that has affected operations in Thailand, Malaysia, Hong Kong and the Philippines.