A ransomware group which locked Ireland’s Health Service Executive (HSE) out of its IT systems a week ago has shared a decryption tool that could allow restoration of operations, the Irish government has announced.
The move by the hackers was “an encouraging development,” the government said in a statement on Thursday.
The country’s National Cyber Security Centre as well as private contractors were examining the provided tool to make sure it “would support restoration of our systems and rather than cause further harm,” the statement added.
“Every effort is being made to restore important aspects of the HSE’s IT infrastructure as soon as possible and the focus remains very firmly on restoring medical services for the many thousands of patients in need of them,” it said.
The statement also stressed that the Irish government “has not paid a ransom and will not pay a ransom in respect of this crime.”
Following last Friday’s hack, which forced the HSE to shut down all its IT systems, an international hacking gang reportedly demanded $20 million from the Irish authorities. And, despite releasing the decryption tool, the perpetrators are still pushing for the ransom to be paid – a typical tactic for such tech crimes.
According to the Irish Times, the group threatened to start publishing and selling the information it stole from the HSE systems, including personal patient data, on the darknet from Monday if they haven’t received payment by then.
A day earlier, the Financial Times reported seeing files and screenshots which indicated that some HSE patient information had been shared online following the hacking.
Irish investigators have been “working actively” together with foreign security agencies to track down those responsible for the cyberattack, the government said.
Earlier on Thursday, the Irish High Court granted the HSE injunctions against the sharing, processing, selling or publishing of any data stolen from its systems in the hack. The court orders, given against “persons unknown”, may not deter the hackers, but Justice Kevin Cross said the move could minimize the potential damage by effectively putting legitimate information service providers, such as Google, on notice concerning the illegal publication or sharing of the stolen data.
The hack has led to cancellations of key health services in many hospitals across Ireland, including radiotherapy appointments, cardiac checks, X-rays and CT scans, and delayed the processing of non-emergency blood tests. One of the worst-affected institutions was Dublin’s Rotunda Hospital, the oldest continuously operating maternity hospital in the world and one of the busiest in Europe.
Earlier this week, Irish Health Minister Stephen Donnelly warned that rebuilding HSE’s IT systems could require weeks of work and tens of millions of euros.
Like this story? Share it with a friend!