Date: 2021-05-16

One of Ireland’s leading cybersecurity experts has warned that the criminals behind the ransomware attack on the HSE are increasingly as organized and reinforced as the Kinahan OCG.

Brian Honan, CEO of BH Consulting, a cybersecurity and data protection consulting firm that spent four years acting as special adviser to Europol, said the ransomware attack is part of a global attack targeting health systems and providers, which has been ongoing throughout the pandemic.

Mr Honan said it was likely that the gang, which used a ransomware program known as ‘Conti’ to infiltrate and then hold the HSE’s data system for ransom, was based in Russia or in a country of the former Soviet bloc where cyber security controls and international cooperation are minimal.

Profiling the likely perpetrators, Mr Honan told the Sunday World: “These are organized crime gangs whose main purpose is to make money and they do not care who harms or influences systems.

“They are also likely to be involved in other types of organized crime, be it human trafficking or drug smuggling.

“They would be on the same level with their rights as those of the Kinahan gang. The attacks are not the work of upset teenagers sitting in their bedrooms.

“And HSE is not the first health system to be victimized.

“Especially during the pandemic, we have seen a huge increase in organized crime attacks on hospitals around the world, as well as ransomware attacks on universities researching Covid-19 and vaccines and pharmaceutical companies.

“Anyone involved in the medical sector is being actively targeted by these criminals because they realize how addicted we are to the pandemic.”

Detailing the attack on the HSE, Mr Honan said: “The ransomware program used is called Conti and it is known that this program is used by organized crime gangs established by the former Soviet countries and possibly, most likely, Russia.”

Asked how the Conti ransomware works, Mr Honan said: “The way the Conti ransomware band works is that they compromise a company’s systems, then they will spend a few days there trying to compromise some more and copy some from the data.

“Then they will also do what is called a double extortion claim. The first request is: ‘Pay us money to unlock your data’ and the second request is: ‘Pay us money so we do not release the data that we have stolen online.’

“But the HSE have said they will not pay and that makes sense.”

Asked what amount of money ransomware gangs are demanding, Mr Honan said: “Last week, an American gas pipeline called Colonial was attacked by ransomware.

“The ransom demand for them was $5 million and they were paying him something that most people like me and most of the police force would say you do not do.

“It is widely known that half of the people who pay the ransom do not get their data back,” Mr Honan said.

Asked what happens in a standoff, such as the one the HSE is currently in, where an organization refuses to pay the ransom, Mr Honan said: “It usually ends with what the HSE is doing at the moment.

“The first thing you do is identify which systems have been compromised.

“You isolate them away from the rest of the network so that the infection does not spread further. You then reset parts of your system and your network in small sections.

“It’s a gradual process to recover and operate your system. And regardless of whether you pay the ransom or not, this is the process you have to follow so paying the ransom will not make your system recover faster.”

Mr Honan said this week’s attack should be a wake-up call for the government about the need to allocate increased resources for cyber security.

“We are promoting ourselves as an island of technology, so the Government must ensure at a national level that An Garda Síochána, the cyber security sector, the Defense Forces and the Office of the Data Protection Commissioners will have sufficient resources,” he added.

