State agencies are being ‘proactive’ against cyberattack, says Minister

Europol calls ransomware attack, hitting almost 100 countries, ‘unprecedented’

 ‘WannaCry’ ransomware cyber attack hits thousands of computers in 99 countries encrypting files from affected computer units and demanding US$300  through bitcoin to decrypt the files. Photograph: Ritchie B Tongo/ EPA

‘WannaCry’ ransomware cyber attack hits thousands of computers in 99 countries encrypting files from affected computer units and demanding US$300 through bitcoin to decrypt the files. Photograph: Ritchie B Tongo/ EPA

 

Minister for Communications Denis Naughten said the HSE and Irish organisations may have been “lucky” to avoid the wave of cyber attacks that hit around 100 countries this weekend.

Speaking on Saturday, Mr Naughten said “thankfully to date there hasn’t been any reports of a successful attack here, and that is down to luck in some instances”.

The situation is being monitored closely, and the HSE has blocked any external access to their network while the threat of the ransomware virus is still present.

Mr Naughten said that many Irish state bodies and “agencies, particular the HSE, have been proactive. They have taken some of the older equipment out of their network, they have been able to shut down their network and not allow access externally over the weekend”.

Taoiseach Enda Kenny said on Saturday morning that the global cyber attack issue was a very serious matter and was being monitored very closely, and he was being updated on an hourly basis about the situation.

Business group Ibec said it was liaising with the Department of Communications to monitor the threat to Irish businesses.

“Ibec has previously called for adequate resourcing of the National Cyber Security Centre and the implementation of a cyber security programme. Government provided extra funding in this regard to the Department of Communications, Climate Action and Environment in Budget 2017 and in view of the increased threat we call for this funding to be increased significantly further,” Erik O’Donovan, Ibec’s head of digital Policy said.

An Garda Síochána said on Saturday evening there had been no identified cyber attack on any Irish state computer system from the wave of international ransomware attacks, although RTÉ reported a suspected attack on healthcare facility in the south-east.

The Wexford facility was said to be part funded by the HSE but not part of the State service and therefore not using its IT network.

A spokeswoman for the HSE said on Saturday evening it was “continuing to monitor the situation” but stressed that its official IT server had not been infected.

Europol said in a statement the recent attack was at an “unprecedented level” and would require a complex international investigation to identify the culprits.

The ransomware virus rapidly spread across computer systems in countries including Russia, China, Italy, Russia, and in the UK. The National Health Service computer system in the UK was affected, shutting down many of its systems and affecting services.

Payments

The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time.

Translations of the ransom message in 28 languages are included.

The bug, which spreads through email, is called “WanaCrypt0r 2.0” or WannaCry. It is able to infiltrate older operating Windows XP systems, which Microsoft removed support for back in 2014. Computers that still use the older systems are open to being affected by the spread of the ransomware bug.

Microsoft has advised that people using older Windows XP systems who were not affected by the attack should upgrade their operating systems online immediately.

For those whose computer has been infected with the malware demanding a ransom payment Microsoft have said: “There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again”.

Information on what to do if your computer has been affected by ransomware, or how to better protect against being affected in the future can be found on Microsoft’s website: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

The news of the online virus has created concern among many businesses, including family GPs.

Dr Brian O’Mahony, IT expert with the Irish College of General Practitioners group has said family doctors and GPs using old computer software should not open emails on their practice computers on Monday until IT security fears have died down.

Dr O’Mahony said “there is a real threat to [GPs] practice computers from this virus”.

Emails

Speaking at the Irish College of General Practitioners (ICGP) AGM in Wexford on Saturday, he said: “I strongly advise doctors not to open their emails on Monday until they are certain their computers have the security patches made available by Windows last March. If those patches have not been uploaded, their systems are vulnerable.”

Pat Moran, who leads financial firm PwC’s cyber security team said what was unique about this attack “was the sheer speed of it”.

Speaking on RTÉ radio on Saturday morning, Mr Moran said “it was like a forest fire”.

The type of groups behind such ransomware attacks operated on the “dark web” he said.

To access the dark web users have to download special software, which allows them to search the internet on an unofficial server, unlike Google Chrome or Safari.

These unregistered servers, like Tor, mean the user cannot be traced from his web presence to the computer he is using via the IP address. The practice, said Mr Moran, allowed “organised criminal gangs to operate across borders”, which was difficult to trace.

NSAtheft

The malware was made available online on April 14th through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). At the time, there was scepticism about whether the group was exaggerating the scale of its hack.

On Twitter, whistleblower Edward Snowden blamed the NSA.

“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” he said.

“It’s very easy for someone to say that, but the reality is the US government isn’t the only one that has a stockpile of exploits they are leveraging to protect the nation,” said Jay Kaplan, chief executive of Synack, who formerly worked at the NSA.

“It’s this constant tug of war. Do you let intelligence agencies continue to take advantage of vulnerabilities to fight terrorists or do you give it to the vendors and fix them?”

The NSA is among many government agencies around the world to collect cyber weapons and vulnerabilities in popular operating systems and software so they can use them to carry out intelligence gathering or engage in cyberwarfare. The agency did not immediately respond to a request for comment.

Additional reporting - Guardian