Hackers threaten to erase files of State bodies and county councils if ransom is not met
Irish Government departments and public sector bodies are being extorted
for access to their own files amid "a wave" of new cyber attacks.
The extortion attempts are part of a series of
ransomware attacks that delete files on computers if a ransom is not
paid to the hackers. The list of public bodies affected includes county
councils, Government departments and other State bodies.
"A number of Government offices have seen
evidence of these attacks," a Government spokeswoman told the Sunday
Independent. "A small number of offices across the public service have
[also] been affected."
Irish IT security firms say that the number of
ransomware attacks affecting Irish companies and public sector bodies
has mushroomed in recent months.
"We're seeing three to four attacks happening
per day," said Conor Flynn, chief executive of Information Security
Assurance Services.
"It's incredible the number of people being hit at the moment."
The Sunday Independent has also been contacted by readers who say they have been the victim of such ransomware attacks.
Ransomware attacks work when a computer's
files are encrypted, or locked, by an attacker's program. The computer
then displays a message warning that all of the files will be
irretrievably deleted unless a ransom is paid electronically. Ransoms
are typically set in the range of €300 to €500 but can escalate to
thousands of euro, depending on the target organisation.
The attackers have become increasingly
sophisticated, with some setting up help desks to talk people through
the ransom payment process.
"Their business model is to honour the ransom
payments because they want people to know that paying will unlock the
computers," said John Ryan of Zinopy, another IT security firm that is
dealing with a rise in reported ransomware attacks.
The Irish Government says the ransomware thieves have not been paid.
"At no time has any money been paid to
attackers, in bitcoin or any other format," said the spokeswoman. "In
all cases, the infected files have been quarantined relatively quickly
and services restored. The effect was largely restricted to single
desktop machines."