Health Service Executive (HSE), a provider of public health and social care services to residents of Ireland, was disrupted last week after an infection by Conti ransomware. After the initial ransom demand, the threat actors have seemingly changed their minds and gave HSE a decryptor without a ransom payment. Unfortunately for HSE, the threat actors didn’t have a total change of heart as they are still demanding payment to withhold the stolen data. In an effort to control or at least slow the spread of the stolen data, the High Court of Ireland issued an injunction barring any “sharing, processing selling or publishing” data stolen from HSE during the attack. While this is not likely to stop the group behind Conti or any other ransomware group from publishing victim data, the order is meant to prevent “legitimate information service providers” such as Google, Twitter, or news publications from sharing any of the data in their reporting.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that