The cyber gang targeting the HSE has provided a decryption tool to Irish authorities that it says will allow them to repair their IT systems.
The Irish Times reports that the Russian-speaking ransomware group says the tool will enable authorities to recover IT systems and the files that hackers locked and encrypted.
However, the gang behind the attack is still threatening to share information, including personal data relating to patients, on the darknet and to sell some of it to other criminals if a ransom is not paid.
The HSE and Department of Health were expected to greet the offer with extreme caution, for fear the gang is trying to entice them into an even more difficult situation.
'Ensure integrity'
In a statement on Thursday evening, the Government confirmed the offer of the decryption tool.
“The Government is aware that a decryption tool has been made available online which may support the ongoing work to repair the impact of the cyberattack on the HSE’s IT systems which has caused huge disruption to our health services,” the statement said.
“A detailed technical process to ensure the integrity of this decryption tool is being carried out by the NCSC [National Cyber Security Centre] and private contractors. This is to ensure that this tool would support restoration of our systems... rather than cause further harm.”
The Government described the offer of the tool as an “encouraging development”.
“Every effort is being made to restore important aspects of the HSE’s IT infrastructure as soon as possible and the focus remains very firmly on restoring medical services for the many thousands of patients in need of them,” the statement continued.
“It is to be emphasised that the Government has not paid a ransom and will not pay a ransom in respect of this crime. This has been the firm position of the Government from the outset and it will continue to maintain that position.”
Genuine
The Government said An Garda Síochána was “working actively” with international policing and security partners to pursue “every avenue available” in investigating those responsible for the crime.
Meanwhile, cybersecurity professionals who spoke to The Irish Times on Thursday said the decryption tool offered by the ransom gang to the HSE appeared to be genuine.
They believed it was a very positive development for the Irish authorities because the HSE would be able to restore its IT infrastructure much faster than expected.
The same cybersecurity sources believed the gang may be acting out of concern that their attack on the HSE had become so large scale and was attracting so much attention they wanted to diffuse the situation.
However, the sources said the fact the decryption key had been shared with the HSE strongly suggested the gang was just about to share all or most of the Irish data online.
Court order
Meanwhile, the Minister for Health has welcomed the granting of a court order against the illegal use of data that may potentially have been stolen during the recent ransomware attack.
Stephen Donnelly said: “This evening’s development is very welcome and shows how seriously myself and my colleagues in Government are taking this event.
“The disgraceful cyberattack this week is an attack on the Irish state and all of us who value our health system so highly, particularly in light of the heroic response from all members of our health services in the last year.”
He continued: “I am also this evening in a position to confirm that the decryption key to unlock the data has now been made available. No ransom was paid by the Irish State. We will continue to work with all parties to further the national response and fully reinstate our health services.”