Understanding and Mitigating Advanced Ransomware Attacks: Lessons from the HSE Ireland Incident

Abstract

Ransomware attacks have increased year-on-year, resulting in organizations of all sizes facing threats to their IT infrastructure and business operations. Companies cannot guarantee absolute protection from a ransomware attack, with social engineering being a significant weakness in an organization's cybersecurity structure. We examine the ransomware incident response framework with the analysis of a case study, the Health Executive Service of Ireland attack which occurred in May 2021. We construct a timeline of events, detailing the intrusion of the HSE IT infrastructure, subsequent encryption of systems, and the HSE and Irish government response. We examine the incidence response and the aftermath of the attack. Cryptocurrency plays an important role in the ability of ransomware groups to receive payment for the decryption of systems. We investigate the ability and potential weakness in the ransomware groups ability to maintain their business model if blockchain analytics are used to follow the money and seize the ransoms.