ITP Techblog

Brought to you by IT Professionals NZ
« Back to Health IT

Conti 'ransomware as a service' may be behind DHB attack

Paul Brislen, Editor. 19 May 2021, 9:52 am

The cyber-attack on the Waikato District Health Board is being linked to a relatively new group of ransomware attacks known as Conti.

Conti appears to be a "Ransomware as a Service" package that is rapidly being adopted by cyber-criminals around the world. A successor to the Ryuk ransomware system, it would appear Conti is a more advanced "human-operated" version that not only encrypts a victim's data and demands payment, but threatens to expose that data if payment is not made.

US-based security firm Sophos Labs suggests the hackers infiltrate a site days or even weeks before they strike, ensuring they have access to as many systems and as many levels of authority as possible before pulling the pin.

The Irish Health Service Executive (HSE) is the most recent high-profile victim prior to the alleged Waikato attack and the Irish National Cyber Security Centre (NCSC) has activated its incident response process. The NCSC says it has also detected suspicious activity on the network of the Irish Department of Health but was able to fend off this attack before it began.

Meanwhile in New Zealand, the Government Communications Security Bureau's own NCSC is working with Waikato DHB to bring a resolution to the problem which has called a halt to hundreds of patient visits, including surgeries and other vital treatments, and which it hopes will be resolved by the weekend. The DHB's CEO told Radio New Zealand he did not intend to pay any ransom demand.


You must be logged in in order to post comments. Log In

Web Development by The Logic Studio