Tuesday 21 November 2017

'One of the biggest attacks in history': Six things you need to know about the worldwide ransomware hit and what it means for Ireland

Scale of the attacks described as 'unprecedented' by cyber-security experts

Rebecca Lumley and Laura Larkin

Cyber attacks which have thrown the NHS into chaos are making their way across Europe and are being treated by the HSE as a “major incident.”

Computer systems in over 70 countries were rendered useless once infected by ransomware, which blocks access to a computer’s hard-drive and forces victims to pay a sum of money in order to regain access to files.

The scale of the attacks have been described as “unprecedented” by cyber-security experts. Here's everything you need to know so far:

1. What exactly happened?

Computers across the world have been infected by a ransomware virus, rendering their hard-drives unusable and demanding payment in order to de-encrypt the computer systems. The number of people affected and the speed by which the attack has spread is unprecedented.

The Guardian reported this morning that up to 74 countries have been hit by the virus, though it is not believed to have reached Ireland yet. Russia is reported to have been hit the hardest, with its Interior Ministry falling victim of the attack.

2. When did this happen?

The attack was carried out yesterday, Friday May 12. It is being described by cyber-security experts as one of the biggest ransomware outbreaks in history.

Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.

3. What is ransomware?

Ransomware or 'Cryptoware' is a type of malicious software that infects computers, rendering the information contained in them unreadable. A message appears on the computer’s screen, instructing victims to pay a sum of money to an account. A code is then issued to de-encrypt the computer’s hard-drive.

Security experts said this morning that the ransomware appeared to be infiltrating organisations through innocent looking emails, which instruct employees to click on an email attachment. The virus then spreads internally from computer to computer when employees share documents and other files.

Affected users can restore files if they have them backed up on an external hard-drive, or may be forced to pay the ransom to avoid losing their data entirely.

4. Was this expected?

The ransomware is reported to exploit security holes in Microsoft software, which were highlighted several weeks ago by TheShadowBrokers, a group that has published what it calls “hacking tools” used by the NSA as part of intelligence gathering.

Shortly after this was released, Microsoft said they had issued software “patches” for these holes. However, many companies and individuals have not yet installed the fixes or are using older versions of Windows and Microsoft that do not support the fix.

5. What do we know so far?

Affected organisations have been hit by ransoms starting at $300 in the online currency bitcoin, before increasing to $400, $500 and $600 after a few hours, according to security researcher, Kurt Baumgartner.

In addition to Russia’s interior ministry, the biggest targets are reported to be the Ukraine and India, countries where it is more common to find older versions of Windows in use. Organisations in the United States have been affected, though the effects are not said to be widespread.

The NHS was majorly affected by the attack, which is believed to have been carried out by a criminal organisation. Hospitals were forced to cancel operations, divert ambulances and staff were forced to use their mobile phones to make calls and take notes by hand.

Affected hospitals asked people not to come to A&E unless absolutely necessary.

The National Cyber Security Centre is investigating the attack and is working alongside NHS Digital and the National Crime Agency.

6. What does this mean for Ireland?

The HSE are treating this as a "major incident", though no Irish organisations are said to have been hit by the ransomware yet. A special meeting convened last night in order to "consider the situation."

A HSE spokesperson told Independent.ie: "On foot of that meeting it was decided that, as a protective measure, the HSE’s Office of the Chief Information Officer would remove all external access to the HSE's Network to protect the integrity of clinical IT systems throughout our Health System."

The HSE said it will continue to monitor the situation closely and work alongside NHS Scotland and NHS England to gather intelligence.

A spokesperson for the Department of Education said:

"At present, there are no reports of any incidences of this malware in Ireland. The NCSC is monitoring the situation carefully, and cooperating with the HSE, with industry and with the Garda Cyber Crime Bureau. The NCSC has also been in contact with similar bodies in other EU countries, including the UK, and will continue to act as conduit for technical information around this issue."

Online Editors

Promoted Links

Today's news headlines, directly to your inbox every morning.

Promoted Links

Editor's Choice

Also in Irish News