The Taoiseach has insisted Ireland ‘will not be paying any ransom’ after the HSE fell victim to one of the most significant cyber attacks in Irish history – but just what is ransomware?
On this week’s Tech Talk, Newstalk technology correspondent Jess Kelly sat down with Ronan Murphy of SmartTech247 to hear about the evolution of ransomware.
He began with a simple explanation of how it all works before describing some of the groups involved and offering his thoughts on the big question – to pay or not to pay?
“Ransomware is about encrypting a victim’s data,” he said.
“Typically, hackers get into a network via email or a user clicks on a link and once they get into a network, they encrypt all of the user’s data.
“Then they’ll offer the victim a way to decrypt that data - which we call a key - in return for payment, which is typically in the form of a cryptocurrency payment – and the cost can be quite substantial as we have seen with this issue in the US.”
Hackers
He said the people behind the attacks are getting more sophisticated all the time – and in many cases, are now capable of infiltrating systems without any need for a user to click on a bad link to let them in.
Not only that, but the hackers have added a new twist to their threats.
“Traditionally the fallout from ransomware was that they would encrypt your data and, if you didn’t have a backup, then you would have to consider potential payment,” he said.
“But they have now ramped it up a level and they are following what they call the double extortion trend.
“That means, not only are they encrypting your data but they are also taking it and they are then blackmailing you to say, ‘well if you want your data back, you have to pay us and if you don’t pay us, we are going to make all of your data public.’
“So that could be your patients, it could be your customers, it could be your confidential information and you can imagine the profound implications that has for your business in terms of legals, in terms of compliance – the fallout is really, really important and serious.”
DarkSide
Mr Murphy said the groups behind the attacks are becoming more professional all the time – noting that DarkSide group behind the recent Colonial Pipeline offers ‘ransomware as a service.’
“They are making so much money and it is so lucrative, that they are only getting better,” he said.
“They are investing more, they are hiring more people and the problem is just growing.
“So, this problem is only getting bigger and organised crime syndicates are getting access to these guys.”
He said the groups have a “degree of honour among thieves” – and generally will return your data once the ransom is paid.
To pay or not to pay?
Asked whether companies faced with a Ransomware attack should pay up, Mr Murphy had this to say:
“Let me put a question back to you. If you are a business and you have got 5,000 employees and all of your data is gone and your company has to shut down tomorrow and everybody loses their job if you don’t pay. Do you pay or do you not pay?
“My advice would be not to pay but I haven’t been in a position where 5,000 or 10,000 people will lose their jobs because the company is going to shut down.”
You can listen back here: