
HSE ransomware attack began on a single computer when an employee clicked on a link

Sources have confirmed an encryption key was provided by the criminal gang that launched the attack last week.

Image: Shutterstock/Elnur

THE HSE RANSOMWARE attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link, The Journal has learned.

A HSE worker, apparently struggling to access a non-functioning computer, sought help when prompted to do so in a file on their computer. 

“It appears that the person was trying to use their computer but received some sort of a message to use a messaging service to contact someone who could fix the problem,” a source with knowledge of the situation said. 

What followed was a lengthy exchange in which the hackers told the employee that they had accessed 700 gigabytes of data of patients’ home addresses and other personal details through their computer. 

The employee was told that a ransom of close to €15 million would be needed, the source said. 

“The hackers gave the person they were corresponding with examples of the type of file they had downloaded and then threatened that they would start selling patient data on at the start of the week if there was no ransom paid,” the source explained.

It is understood the communication was in English, and the hackers provided a decryption key, saying that they would sell the data if the ransom wasn’t paid.

“The message was in very calm, non-threatening language. It was very transactional,” the source added.

The downloading of huge amounts of data by the criminal organisation had already taken place before it was discovered late last week. 

Reports in recent days have claimed that a gang in Russia, known as Spider Wizard, are responsible for the hack. 

However, it is believed that rather than being the work of a single group of criminals, the attack was carried out by dozens of people spread across multiple locations.

Sources have told The Journal that the messages received did not identify the group as Spider Wizard. 

When contacted by The Journal tonight, a HSE spokesperson refused to comment as it “was an active investigation”.


An earlier statement released by the HSE confirmed that an encryption key has been made available. 

“The HSE is aware that an encryption key has been provided. However further investigations have to be conducted to assess if it will work safely, prior to attempting to use it on HSE systems,” it said. 

The HSE this evening secured a High Court injunction to stop the illegal use of any data that may have been stolen during the ransomware attack. 
