HSE cyber criminals accounted for 10% of market share of ransomware incidents in the first three months of this year, putting it in second place.
The cyber-gang suspected of paralysing HSE computer systems is estimated to have received almost €11m in ransom payments in 2021 from organisations and companies across the world.
Since HSE systems were attacked in May, the Irish Government said it would not pay the Conti ransomware group to get systems back up and stolen personal files returned.
HSE IT officers, the National Cyber Security Centre and its private cyber contractors, assisted by the Defence Forces, spent months repairing and recovering HSE systems, with 95% of servers and devices restored by September.
The European Union Agency for Cybersecurity (Enisa) has issued its Threat Landscape 2021 report, which said the Conti group was considered to be the second most dominant player in the booming ransomware market.
It cites the HSE attack as one of a large number of “major ransomware incidents” in its reporting year, April 2020 to July 2021.
The report said based on crowdsourced ransomware payment data that Conti made the “most financial gains” in 2021, with payments in the order of $12.7m (€10.95m).
It said the group accounted for 10% of market share of ransomware incidents in the first three months of this year, putting it in second place.
Along with a rise in the amount of money being demanded by the gangs, Enisa also reported “record-high payouts” from those targeted.
The Garda investigation into the Conti attack on the HSE is continuing and last September the Garda National Cyber Crime Bureau, assisted by police colleagues abroad, seized the “technical infrastructure” of the gang and warned other potential victims, some 753 organisations, to check their systems.
Ransomeware attacks enjoying ‘golden era’
The Enisa report said ransomware attacks – where criminals encrypt an organisation’s data and demand payment to restore access – were enjoying a “golden era” and that many experts believe it had “not yet reached the peak”.
It said there was a 150% increase in such attacks in 2020 and that ransomware posed a threat to national security of countries.
During the reporting period, Enisa observed increased targeting of critical infrastructure by cybercrime actors.
Cybercriminals have been “specifically targeting” the healthcare and public health sector despite the promises of some ransomware gangs to stop doing so during the pandemic.
“They grasped this opportunity during the pandemic since this sector became extremely significant and highly susceptible,” the report said.
Enisa also said disinformation and misinformation campaigns were increasing “at an unprecedented rate”, spurred by the increased use of social media platforms and online media.
Source: Irish Examiner