After the attack on Colonial Pipeline, the ransomware specialist attacked the HSE Ireland computer system.
“Our goal is to make money, not to create problems for society », Had pretended the cybercriminal group Darkside after the paralysis of the American oil pipelines of Colonial Pipeline at the beginning of the week.
Problems, Irish public health services only encountered this Friday, after another ransomware attack by Darkside on the computer system of HSE Ireland. Due to a problem called “serious », All systems have been shut down to prevent any propagation. Hospitals have had to cancel outpatient consultations, elective appointments and go back to paper and pencil. Vaccinations against Covid-19 have not been affected.
Read also :Colonial Pipeline: Biden wants to talk cybercrime with Putin
Another known victim of Darkside: the French subsidiary of the technology group Toshiba said it was the target of its ransomware in early May. The attack did not compromise any customer data, he assures “and the amount of lost work has been very minimal “. The group did not raise the subject of the ransom.
Doubts about the payment of a ransom by Colonial Pipeline
On the other hand, Colonial Pipeline would have paid the sum of 5 million dollars to be able to restart its operations more quickly, according to two sources close to the transaction cited by the Bloomberg agency.
Generally speaking, the FBI and the Security Department discourage the payment of ransoms because it feeds the economic model of criminals and gives them the means to generate other more sophisticated and ambitious attacks. But the daily cost caused by the stoppage of supply to gas stations in major American cities was also to be taken into account.
Read also :Darkside multiplies cyber attacks
Darkside began to be talked about in August 2020. Specializing in ransomware attacks, he has designed a software platform that he also offers to “affiliate” hackers. On Friday, a Darkside member reportedly admitted that some of the group’s servers were taken offline, according to cybersecurity firm Recorded Future, whose server was used to claim ransom payments. This announcement could also be a subterfuge to avoid having to pay associates.