In May 2021 the Conti ransomware gang crippled the Health Service Executive, Ireland's public health system. It remains the most significant cyber attack on Irish critical infrastructure to date. Years on, the same gaps that let it happen are still open across Irish organisations.
How It Started
A single malicious attachment, opened on one workstation, gave the attackers their foothold. They then spent weeks moving quietly through the network before detonating the ransomware. The breach was not sophisticated. It was patient.
What Went Wrong
A flat network let the attackers reach almost everything from one compromised machine. Antivirus alerts were raised and missed. There was no security operations centre watching around the clock, and backups were not fully isolated from production.
The Lessons Still Ignored
Segment your network so one infection cannot become total compromise. Monitor and actually triage endpoint alerts. Keep offline, tested backups. Run phishing awareness training, because the door is almost always opened from the inside.
The Real Cost
The clean up ran well over one hundred million euro, and patient care was disrupted for months. The attackers handed over a decryptor for free, which was luck, not strategy. No organisation should bet on the goodwill of a ransomware crew.
Written by Shreesh, Shamrock Security