‘Positive’ Decryption Tool Given to Irish Health Service After Ransom Attack

Government says ransom has not and will not be paid
May 21, 2021 Updated: May 21, 2021

The result of initial tests on a decryption tool made available to Ireland’s national health service has been positive, the Irish Health Minister has said.

The Irish Government said on Thursday—almost a week after a ransomware attack of the Health Service Executive’s (HSE) IT system—that a decryption tool had been made available. It also insisted that no ransom had been or would be paid.

It was previously reported that the ransom negotiation page on the dark web shows that Conti, a Russia-based cybercriminal group, wanted $20 million (€16 million).

“Categorically, no ransom has been paid by this Government directly, indirectly, through any third-party or in any other way. Nor will any such ransom be paid,” Health Minister Stephen Donnelly told RTÉ Radio 1’s Morning Ireland programme on Friday.

When asked why the key was made available, Donnelly said: “It’s unclear. It came as a surprise. We became aware yesterday afternoon that the key was being made available on a site which is linked to this criminal gang,” adding that there could be “any number of reasons” and it was “probably not useful” for him to speculate.

The government has said on Thursday that the National Cyber Security Centre and private contractors carried out “a detailed technical process” to test the tool.

“What they’re doing is they’re testing the validity of the key. The initial results are positive,” Donnelly told RTÉ Radio 1.

“But obviously, it’s a detailed technical piece of work. We need to be absolutely sure that this will help restore the health systems, rather than potentially cause further harm.”

Donnelly said that other efforts to restore the systems are continuing in parallel.

Hackers have reportedly threatened to release patient data on Monday if a ransom is not paid.

HSE secured a court order on Thursday from the High Court that restrains the sharing, processing, selling, or publishing of the data. Donnelly said it probably won’t stop the data being dumped online, but will help prevent it from spreading.

“I don’t imagine that a criminal gang capable of doing what they did to our healthcare system and to patients in our country are going to be too worried about a court order,” he said.

“However it is relevant and very applicable to people here who may seek to share that information themselves.”

HSE Chief Executive Paul Reid said in a media briefing on Thursday that the work to undo the damage will continue into the coming weeks.

“We are now in the assessment phase where we’re assessing all across the network … to understand the impacts across the network,” he said.

Reid said there are 2,000 systems used by the health service and more than 4,500 servers.

“This is in essence the rebuilding of a legacy network of 30 years,” he said.

The briefing heard the impact on services included a reduction by 70–80 percent in outpatient appointments each day.

The HSE boss had previously said that the cost of fixing the system would run into tens of millions.

PA contributed to this report.