Security News > 2021 > May > Conti ransomware also targeted Ireland's Department of Health
The Conti ransomware gang failed to encrypt the systems of Ireland's Department of Health despite breaching its network and dropping Cobalt Strike beacons to deploy their malware across the network.
The next day, at 07:00 AM, a human-operated Conti ransomware attack disabled some of HSE's devices, forcing the health service to shut down its entire IT infrastructure to limit the impact.
Around the same time, a second Conti attack attempting to execute ransomware payloads to encrypt the systems of Ireland's Department of Health was blocked by anti-virus software and the tools deployed by investigators the day before.
The NCSC also shared indicators of compromise [PDF] linked to the Conti ransomware attack on Ireland's health systems.
After the HSE ransomware incident, the Conti gang claimed to have had access to HSE's network for over two weeks and that they were able to steal 700 GB of unencrypted files, including employee and patient info, financial statements, payroll, contracts, and more.
Previously, Conti ransomware hit the Scottish Environment Protection Agency, leaking roughly 1.2 GB of stolen data on their dark web leak site.