Report shows HSE (Irish Health Service) hacked by malicious Excel file [pdf] (opens in new tab)

(hse.ie)

84 pointsparadaux4y ago12 comments

12 comments

This report was released 9 days ago, this hack was widely discussed on HN when it happened (https://news.ycombinator.com/item?id=27152402) and I thought the formal postmortem would be of interest !

comex4y ago

> On the same day, the Attacker posted a link to a key that would decrypt files encrypted by the Conti ransomware. [..] Without the decryption key, it is unknown whether systems could have been recovered fully [..] but it is highly likely that the recovery timeframe would have been considerably longer.

Is the implication that they paid the ransom?

The report seems to go out of its way to avoid stating why the attacker posted the decryption key.

paradauxOP4y ago

The health minister at the time explicitly stated that they did not pay the random, directly or indirectly (e.g. via a third party) although realistically not easily verifiable.

The discussion at the time was the perpetrators didn't expect to have the effect they did, effectively halting the entire health service for several weeks to months. I think the ethics element as the other commenter stated is a valid one, as one is playing with another's life when you interfere with medical operations, routine or otherwise

donalhunt4y ago

Another theory floating around was that the publicity was good PR for the attackers.

lrem4y ago

I imagine the hacker was somewhat upset by the fact that the victim seems unlikely to be able to pay up and people are about to start dying soon. Having blood on your hands is not only a different matter ethically, but changes the likelihood of law enforcement actually doing something against you.

raverbashing4y ago

Maybe, but unlikely. I think it's more of an "ethics" issue (read: attackers don't want to get more heat than needed and also the HSE would have trouble paying for it)

Xelbair4y ago

Usually the ransom is paid by 3rd party.

Goverment agency hires a contractor for data recovery, the rate is Ransom + flat rate. they just pay the ransom and recover the data.

1 more reply

coldcode4y ago

As usual people ignore messages that basically told them what was happening. Reminds me of the Target hack where they installed some anti hacking system which immediately tossed out warnings which seemed excessive so they turned it off for a few months.

But security is an expense and people don't like paying money.

A financial company I worked for in mid 2000's decided the only thing they needed to do was buy some encryption for the disks their databases ran on, which of course would do nothing to keep someone from just using SQL to extract all our customers credit card data.

murphy2144y ago

What is an acceptable signal to noise ratio for a security tool to be useful? clearly some amount of false positives to any real threat ratio causes people to just ignore it completely. Cue me looking at my npm vulnerabilities with I install packages lol.

rusk4y ago

We’re not talking about thermal noise here. Each and every signal has a determinate source. You need to go through each and every one, but doing this effectively often involves paying lots of money to “some nerds” (rather than your own in house supplicants) and that’s where this kind of thing usually falls down.

j / k navigate · click thread line to collapse

12 comments

paradauxOP4y ago

This report was released 9 days ago, this hack was widely discussed on HN when it happened (https://news.ycombinator.com/item?id=27152402) and I thought the formal postmortem would be of interest !

comex4y ago

Is the implication that they paid the ransom?

The report seems to go out of its way to avoid stating why the attacker posted the decryption key.

paradauxOP4y ago

The health minister at the time explicitly stated that they did not pay the random, directly or indirectly (e.g. via a third party) although realistically not easily verifiable.

donalhunt4y ago

Another theory floating around was that the publicity was good PR for the attackers.

lrem4y ago

raverbashing4y ago

Maybe, but unlikely. I think it's more of an "ethics" issue (read: attackers don't want to get more heat than needed and also the HSE would have trouble paying for it)

Xelbair4y ago

Usually the ransom is paid by 3rd party.

Goverment agency hires a contractor for data recovery, the rate is Ransom + flat rate. they just pay the ransom and recover the data.

1 more reply

coldcode4y ago

But security is an expense and people don't like paying money.

murphy2144y ago

rusk4y ago

j / k navigate · click thread line to collapse