HSE ransomware attack began on a single computer when an employee clicked on a link

Sources have confirmed that the criminal gang behind last week's attack provided an encryption key.

THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.

A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer. 

“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said. 

What followed was a lengthy exchange in which the hackers told the employee that they had accessed 700 gigabytes of data of patients’ home addresses and other personal details through their computer. 

The employee was told that a ransom of close to €15 million would be needed, the source said. 

“The hackers gave the person they were corresponding with examples of the type of file they had downloaded and then threatened that they would start selling patient data on at the start of the week if there was no ransom paid,” the source explained.

It is understood the communication was in English, and the hackers provided a decryption key, saying that they would sell the data if the ransom wasn’t paid.

“The message was in very calm, non-threatening language. It was very transactional,” the source added.

The downloading of huge amounts of data by the criminal organisation had already taken place before it was discovered late last week. 

Reports in recent days have claimed that a gang in Russia, known as Spider Wizard, are responsible for the hack. 

However, it is believed that the attack was carried out not by a single group of criminals but by dozens of people spread across multiple locations.

Sources have told The Journal that the messages received did not identify the group as Spider Wizard. 

When contacted by The Journal tonight, a HSE spokesperson refused to comment as it “was an active investigation”.

An earlier statement released by the HSE confirmed that an encryption key has been made available. 

“The HSE is aware that an encryption key has been provided. However further investigations have to be conducted to assess if it will work safely, prior to attempting to use it on HSE systems,” it said. 

The HSE this evening secured a High Court injunction to stop the illegal use of any data that may have been stolen during the ransomware attack. 

Author
Niall O'Connor