‘Significant Attack’


HSE CEO Paul Reid

This morning.


HSE shuts down IT system after ‘significant’ cyber attack (RTÉ)


20 thoughts on “‘Significant Attack’”

  1. dhaughton99

    You’d think with all the stage craft lads in RTE that they could sort out that desk for them. A bit of spray glue and some new leatherette would sort it.

  2. ian-oG

    There is zero reason in this day and age to be vulnerable to a ransomware attack. We got one a few years back and we already had a disaster plan in place. Entire network was free and clear in a couple of hours.

    I know that their network is substantially larger than ours but nonetheless you can scale your disaster plan to your organisation, you just need to plan and you need to do it now.

      1. ian-oG

        It’s still a thing because the necessary precautions are not put in place. We were able to restore all the locked files from backups so we lost a few hours working time while we resolved the issue.

        The only reason ransomware is still a thing is because people don’t think it will happen to them.

        So they end up paying out. So the ransom people keep infecting people’s networks.

        1. Cian

          Do you realise that the HSE isn’t a single organisation? But a federation of hundreds of separate and distinct organisations.

          1. ian-oG

            Yes I do. Why?

            My point is simply to point out that you can make preparations for this sort of thing and not be held to ransom. It can be done for the smallest or largest of networks.

            All it takes is proper disaster recovery steps to be implemented and tested. I’ve seen dozens of networks bounce back from these within hours and no need to pay any ransoms and I have also seen dozens pay out small fortunes. It’s a terrible thing to happen but it’s quite avoidable.

        2. Badger

          I’ve worked in a lot of places, many where budget was no issue. Every one of them had fears of ransomware, regardless of money spent on protections. The “ransom people” are far more sophisticated (and enriched, thanks to their currency of choice skyrocketing over the last 6 months) than any cyber defence team I’ve worked with. Well done on clearing your network within a few hours but I suspect there is far more complexity in that of the HSE.

          1. ian-oG

            Absolutely Badger, I agree with the complexity point but it seems that this was a simple file lock attack that encrypted essential files. You can restore the affected files quite easily if you have made the correct preparation.

            Sadly though, you are also correct about the sophistication of the attacker but simple steps can really mitigate the damage they cause. Considering the lack of further information it is likely they have made the preparations and all that is happening now is they are in the restore phase and considering the size of the organisation affected it could take some time for it to be resolved. Fingers crossed they have as it’s really a bad time for this sort of attack to occur.

          2. Badger

            Agree with most of what you say, but this is not a simple file-lock attack. The ransomware in question is extremely sophisticated and can take out shadow copies of files as well as network connected backups. This eliminates the speedy backup options and causes the affected to use offline backups which are notoriously slow to recover from.

  3. GiggigyGoo

    Which ‘system’? All of them, or specific ones, such as one dealing with Covid? Are they running Windows 98 still?
