Cork cyber-attack expert warns criminals can ‘re-hit’ organisations

A CORK IT expert has warned how cybercriminals can ‘re-hit’ an organisation and says businesses can protect themselves from being victim of a cyber attack.

A report last week found the opening of a malicious Microsoft Excel file attached to a phishing email led to the cyberattack on the HSE earlier this year. The ransomware was “detonated” on May 14, leading to an immediate crisis across the health service.

At a press briefing, chief executive of the HSE, Paul Reid, said a high proportion of the organisations that are subjected to a cyber attack are “re-hit” and that actions are being taken to mitigate the risk.

Explaining what happens to a system’s files once the ransomware is detonated, director of Radius Cork, Kevin O’Regan, said a digital signature is applied to every file in the organisation, meaning the data is manipulated in a mathematical algorithm, so that the file is changed and not recognised by the system.

“When they talk about the key, this key that the HSE supposedly got, what that does is that reverses back the change,” Mr O’Regan said.

“It’s like every single file that you own is locked and if you want your data back, you either have another copy of your data somewhere else that they haven’t locked or you pay for the encryption code.”

Mr O’Regan said that he would never recommend paying ransom and described it as a last resort. The risk with paying is that the cybercriminals could come back a second time or leave some code that could be used to “detonate or reactivate the attack at any stage”.

He said that the techniques that were used by these cybercriminals in the HSE attack were “very typical and very mainstream” and that there were no new or highly sophisticated techniques used.

BE PROACTIVE

Mr O’Regan said the type of attack that hit the HSE is typical of what the SME sector is exposed to and he advised organisations to be proactive, to get risk assessments done, to train staff, and to test.

Mr O’Regan said the most important thing for organisations to do is to perform a pre-evaluation or cyber assessment, from which a remediation plan can be produced.

Once the remediation plan is complete, the next most important thing is to ensure that the organisation has an escape route, in the form of a disaster recovery plan.

He said that another “critical” area is staff awareness and staff training, as “one of the weakest links, unfortunately, in the whole thing, is people”.

“These cybercriminals prey on the weakness of us, as human beings, and use concepts like social engineering to trick people into clicking a link or performing a task,” he said.