James Cox
The decryption key offered to the HSE following last week's cyberattack has been verified as genuine following examination by cybersecurity experts and the National Cybersecurity Centre (NCSC).
However, despite working, it is unlikely to significantly speed up the restoration of the health service's IT systems.
The HSE was offered the key to decrypt the systems accessed during the cyberattack, however, The Irish Times reports the key has been described as "buggy" and "flawed".
The decryption key was tested on a closed, unconnected system to prevent any further damage being done and although it was found to be effective, it may still take weeks to get all the IT systems back online.
Whether the key will be used to restore the data has not yet been decided, as officials may opt to continue manually restoring the files using HSE backups.
This morning, Minister for Health Stephen Donnelly said it was “unclear” why the decryption key was being made available and that it “came as a surprise”.
The Government has stated it did not pay a ransom to obtain the key, nor did they instruct a third-party to do so. It is not known if the decryption tool came from the Russian-based group of hackers responsible for the attack, known as 'Wizard Spider'.
Ransom
Cyber Risk International CEO Paul Dwyer said the decryption key could have come from other criminals, adding it may have been released by a group who were annoyed by the attention the attack was gaining.
Mr Dwyer told Newstalk: “The reason behind it being released may be not for ransom payment, it may be in fact that the cyber criminal community itself are really, really annoyed at this particular kind of attack.
“They have been pulling in hundreds of millions of ransomware attacks against harder targets — oil pipelines, large banks — those sort of entities that can make risk-based decisions and afford to pay these kind of things.
“And this attack has caused a problem with their business model, because now the world is looking at this — the world is getting more prepared for ransomware attacks.”