Britain’s ex-GCHQ chief has urged the government to ban ransomware payments to stop criminals profiteering from attacks.
Ciaran Martin, the founding chief executive of GCHQ’s Cyber Security Centre (NCSC), spoke after the Irish health service was targeted by international criminals yesterday.
The Taoiseach refused to pay a ransom demand after the Health Service Executive (HSE) was plunged into chaos by the ‘most significant cybercrime in the history of the State’ which threatened the care of thousands of patients.
And Mr Martin today said making these payments illegal would help stop the funding of organised criminals who forced businesses into helping pay for further attacks.
He told The Times: ‘At the moment you can pay to make it quietly go away. There’s no legal obligations involved.
Ciaran Martin (pictured), the founding chief executive of GCHQ’s Cyber Security Centre (NCSC), spoke after the Irish health service was targeted by international criminals yesterday
‘There’s no obligation to report to anybody, there’s no traceability of payment of cryptocurrency. We have allowed this to spiral in an invisible way.’
Mr Martin pointed out there is legislation against paying ransom to terrorist organisations, but where a criminal gang is protected by a hostile state it is allowed – which he described as ‘absurd’.
He said in cases where the hackers threaten human life an exception should be made.
It comes after hospitals were reduced to pen and paper operations Thursday when the ransomware attack – believed to be by a Russian gang – forced the HSE to shut down major IT systems to protect them.
Online appointments were all cancelled as were some cancer and other specialist consultations, and HSE chiefs warned the health service could be in ‘a very serious situation’ if the temporary shutdown continues into next week.
Such an event could see thousands of appointments and clinics cancelled.
With the Taoiseach and the HSE both insisting that no ransom will be paid to the hackers, Chief Medical Officer Dr Tony Holohan yesterday said the attack will slow down their ability to organise effective testing and to measure the total number of Covid cases in the country.
Last week, the shutdown of the Colonial Pipeline, which carries 45 per cent of the fuel to the east coast of the US, threatened energy supplies. Pictured, Colonial Pipeline Houston Station facility in Pasadena, Texas
Online appointments were all cancelled as were some cancer and other specialist consultations, and HSE chiefs warned the health service could be in ‘a very serious situation’ if the temporary shutdown continues into next week (file image)
The HSE’s IT services were cripped after a ‘well-known’ gang of Russian criminals manged to infiltrate the HSE’s computer network and used a ransomware virus to encrypt some of the Health Service Executive’s data.
The European Union Agency for Law Enforcement Cooperation, EUROPOL, has multiple previous dealings with the digital crime gang.
What is a ransomware attack?
Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups.
Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.
They differ from a data breach or other types of hacking, which may steal large batches of customer data or other information from companies or individuals.
The hackers have demanded payment in Bitcoin, a crypto currency that can be almost impost impossible to trace, in return to unlocked the data they have locked.
The Taoiseach Micheal Martin last night vowed: ‘we will not be paying any ransom’.
He acknowledged that there would be a significant impact on healthcare services.
‘This is something that has to be dealt with in a methodical way. The system has been shut down. There’s an assessment underway, identification of the issues and other processes.
‘It will take some days to assess the impact and that is the proper way to do this and we will make those assessments over time. What’s important is people co-operate with the HSE, emergency services are open, the vaccination programme continues uninterrupted,’ he said.
Several cyber security experts said normally the only solution to situations like this is paying the ransom.
Speaking on RTE Drivetime Barry O’Sullivan, School of Computer Science at University College Cork said it is ‘virtually impossible to recover the data without paying the ransom’.
‘As much as it pains me to say, a ransom will probably be paid… unless the HSE is able to secure this data from very, very recent data… most likely disruption will be severe, with cancelled appointments,’ he said.
The Government believes the hackers tried unsuccessfully to target and lock them out of their ‘back-up’ drives. This means they believe they can have full services up and running in 72 hours’ time.
Dealing with cybersecurity threats is routine for large public and private organisations. Most are unsuccessful, with existing protections keeping an organisation safe.
In the U.S., the nation’s largest fuel pipeline was hit with a ransomware attack a week ago. Pictured: Fuel holding tanks at Colonial Pipeline’s station in Washington DC
Vehicles wait in lines at the Costco in Raleigh, North Carolina on Thursday. As the crisis entered its seventh day, fuel headaches continued for motorists in the South even after the Colonial Pipeline restarted operations
Minister of State at the Department of Communications Ossian Smyth said the HSE had suffered ‘possibly the most significant cybercrime in the history of the State’.
And last week, the shutdown of the Colonial Pipeline, which carries 45 per cent of the fuel to the east coast of the US, threatened energy supplies.
In the UK the NCSC have been dealing with a rising number of ransomware attacks, with three times more in 2020 than the year before, and the global cost is thought to be as high as £120billion-a-year.
Mimecast, a cybersecurity firm, found almost half of British businesses targeted in the last year paid a ransom.
And Brett Callow, an expert in ransomware trends at cybersecurity specialist Emsisoft, agreed payments should be banned.
He said it would be short term pain, but ultimately would put a stop to future attacks.
Mr Martin also said insurers were part of the problem because they made it easy for companies to pay criminals to make the issue go away.
Britain’s education sector was crippled by dozens of ransomware attacks earlier this year, as schools battled to keep children in lessons despite coronavirus lockdown.
The Harris Federation, which runs 50 academies in London and Essex, was faced with a loss of 37,000 pupils’ email access, lesson plans and lunch payment systems.