Who are the Hackers who have crippled part of Ireland’s healthcare system with ransomware?

The profile of hackers who have it Shutting down part of computer networks From the Irish healthcare system in a computer attack on Friday, May 15th, it is becoming more and more evident. according to Niche site Sleeping computer, Who obtained a screenshot of the ransom note provided by hackers, the Health Service Executive (HSE) computer systems have been infected with malware known as Conti.

HSE was forced to shut down its entire computer system on Friday due to the cyber attack. The organization has been infected with ransomware, which is a network virus that encrypts all files on computers, rendering them inoperable. This malicious program then demands a ransom from its victim, and promises to unlock the affected computers in exchange for paying in bitcoin.

Software sold to other hackers

According to statements by HSE CEO Paul Reid and the ransom request he revealed Sleeping computer, The Irish Public Health Service has been hit by one of the fiercest cybercrime programs, Conte, designed by a group of cybercriminals who have been baptized with the same name and have been privately active for a year.

Conte is one of the hottest players in the restricted world of ransomware operators, with 291 victims killed on its site. This is “ransomware as a service,” which means that the creators of this malware rent it out to other cybercriminals, “affiliates,” who then use it themselves to ransom their victims, and return a portion of their profits to the developers.

Like many groups, Conti publishes the stolen data from its victims on its site, to increase post-infection pressure and force affected companies and departments to pay the ransom. On Saturday morning, however, Conte did not yet mention HSE on its site, according to the results Scientist.

Ransomware operators are inherently difficult to track down, especially when attacks using the same virus are carried out by different groups of hackers. However, an analysis of Conte’s activity shows that this group and its “subsidiaries” do not attack companies or entities located in Russia and in some Eastern European countries, indicating that these hackers have been operating since one of those countries. This is a common practice, and many ransomware programs include a feature in their code that prevents a virus from infecting a Russian computer, for example.

Links to other cyber criminals?

Conte appeared in December 2019, and has quickly become a major player in cybercrime, Raised tens of millions of dollars in one year. In the first quarter of 2021, its ransomware was the second most virulent virus in the world, after the Sudenokebe virus. According to a report issued by the specialist company Coveware. During this period, approximately 10% of the injuries identified were due to Conte. In France, the criminal group is already claiming four victims on its website in 2021 alone.

Experts suspect there are links between Conte and another cybercrime heavyweight: Ryuk. It is a series of ransomware that has been active since 2018, wreaking havoc in the United States, hitting the media as well as hospitals, health institutions and local administrations. Last February, this was this ransomware Who were paralyzed, for example in FranceAnd the Hospital of Villefranche and Avnor.

Some security researchers doubt Conte is just a new type of Ryuk, designed for distribution and More widely rented to other cyber criminals. In a report published in February, the National Information Systems Security Agency He walked very carefully On this topic, indicating that while it is possible that these two programs were developed by the same people, it is also possible that the links between Ryuk and Conti come from groups of hackers who use these two tools for their attacks.