With ransomware attacks on the increase, Irish businesses must take all precautionary measures to protect network, systems and information from this type of cyber-crime. Furthermore, an organisation must be prepared to triage, investigate, contain, eradicate, and recover from a ransomware attack, should it materialise.
14 May 2021 A vicious ransomware attack, which is likely the most significant cybercrime attack on the Irish State, resulted in the Health Service Executive (HSE) temporarily shutting down its IT system. This affected patient hospital appointments and all national and local systems involved. Significant disruption occurred with routine appointments cancelled, including cancer, maternity check-ups, radiotherapy, X-ray and MRI scans, specific treatments and administrative procedures1. |
7 May 2021 A ransomware attack impacted the network of the US energy operator Colonial Pipeline disrupting operations and the wider oil supply chain. It is believed to be one of the largest attacks on the US. The 8,900km pipeline usually carries 2.5 million barrels a day on the East Coast. The closure saw diesel supplies, petrol and jet fuel tighten across the US and prices rising. Cyber-criminal gang DarkSide reported having been paid the $5m (€4.2m) ransom by Colonial Pipeline2. |
12 May 2017 Four years ago, WannaCry ransomware malicious code took advantage of unpatched systems that affected 200-000-300,000 computers globally with billions of damages reported. It is estimated that the National Health Service (NHS) was impacted by the cancellation of 19,000 operations and appointments. This attack affected many sectors, including health, transportation, government departments, banks and car manufacturers. |
Bringing business critical systems back online affected by ransomware takes time. It can take several days or weeks and typically involve external security experts investigating ransomware incidents to determine the extent of damage and compromise of sensitive data.
Ransomware has been around for the last decade, but what exactly is ransomware? It is a type of malware that prevents you from accessing your computer and encrypts personal data, files and folders (documents, spreadsheets, pictures, and videos). A cyber-criminal will then demand a ransom payment to return the files and folders to you.
A ransomware attack is typically delivered via an email attachment like an executable file, an archive or an image. It can also get onto your computer via infected USB stick, or portable devices, phone or through visiting a compromised/exploited website. Once the attachment is opened or a user visits the compromised site, the malware is released into the system.
The infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed. Then a dialogue box appears that tells the user the data has been locked and demands a ransom to unlock it again. By then, it is too late to save the data through any security measures3.
See below a couple of screenshot examples
 |
 |
Cybercriminals are often motivated by money and tend to attack pipelines or the likes of banks or organisations who can afford to pay the ransom. The attack on the Irish Health system is recognised as a malicious act, performed by cybercriminals that have no regard for the impact on patients or children who need access to essential medical services.
The rise of cryptocurrencies, such as bitcoin, has resulted in an explosion of ransomware attacks. Cybercriminals like bitcoin payments are difficult to trace and can be transferred electronically without assistance from banks or other regulated institutions. These factors have led to an increase in ransomware attacks.
For CNI organisations, ransomware is the top threat. According to a recent UK National Cyber Security Centre (NCSC) report4, 84% of UK CNI providers experienced cyber-attacks in 2020, and 93% of those providers admitted that at least one attack was successful. For these larger organisations and institutions, the aim can include relying on human error to open the backdoors to an attack, blocking access to healthcare, education, or critical government services until the ransom demand is paid. While this threat has always been present, the move to home working has exacerbated the problem. A recent cyberattack on the National College of Ireland and Queen’s University in Belfast5, for example, highlighted the vulnerability of educational establishments now increasing their use of technology to move lectures online for thousands of students.
Mazars asked leading IT managed service provider Renaissance to provide their industry insights into ransomware.
“Ransomware is not a recent trend and has been around for several years. Whilst the initial focus of ransomware was to encrypt an organisations data and then demand a ransom for it to be released back to the user. Ransomware has developed into an organised industry crime and is now much more intrusive. Typically, a ransomware attack involves cybercriminals sitting within a target environment (e.g., within an organisation’s network environment) for a period, without being discovered and then the bad guys exfiltrate the data and hold the user to two forms of ransom:
These dangerous forms of cyber-attack require a multi-layered approach beyond running traditional backups and implementing anti-virus solutions. |
None of the 80 NHS organisations affected by WannaCry had applied the Microsoft update patch advised by NHS Digital’s Care CERT bulletin on 25 April 2017 following the receipt of intelligence of a specific threat from BT on 24 April 2017. Most NHS devices infected were running the supported but unpatched Microsoft Windows 7 operating system6.
Lessons learnt from other ransomware attacks can help to prevent a cyber-attack from happening in the first place. Unpatched systems are not the only known vulnerabilities; organisations must adopt a zero-trust technical and organisational approach:
Refer to the cyber security protect checklist for information on how to minimise cyber security risks. If you are answering no or not sure to any of these questions you may need to review your organisations current approach to cyber security.
Cyber security protect checklist
If you think your IT system is infected by ransomware, take the following immediate actions.
The Irish Government, Gardai and the NCSC believe industry and the public should not pay a ransom as there is no guarantee you will get access to your data, and you will be funding cybercriminals. Should your organisation be a victim of a ransomware attack, you must consider all these points.
For the next ten years, cyber-attacks are ranked as the second risk for business globally7. Not only for Ireland’s operators of essential services such as healthcare, education, energy and banking, but for all industry sectors. Now is the time for Irish organisations to act, to prevent or to minimise the disruption from future ransomware attacks.
Sources
Mazars and the Compliance Institute work together to provide unique insight into the views and expectations of financial services professionals and their preparedness for the individual accountability framework (IAF) and the senior executive accountability regime (SEAR).
On April 5, 2024, Finance Minister Michael McGrath launched a Feedback Statement (FS) on the proposed implementation of a Participation Exemption for foreign dividends within the Irish tax system. The FS invites feedback from interested parties on a “Strawman Proposal” developed for the implementation of the Participation Exemption.
In 2022, the European Securities and Markets Authority (ESMA) published its new multi-annual strategy for 2023-2028. ESMA’s 2024 Annual Work Programme is structured around the implementation of the ESMA strategy, fulfilling ESMA mandates in the legislation and building on the activities executed in 2023.
Build technological resilience so you can operate with confidence
Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisations culture, Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.
Tailored solutions for assurance and value creation in a changing world
Transforming organisations by aligning people, processes and technology
Build trust with a robust approach to technology, processes and controls
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.