The Russian organized cybercrime group behind last week's attack on the HSE IT system has provided a decryption key that could unlock data that was disabled by ransomware.
However, the decryption tool will not be used on the HSE servers until it has been tested by the National Cyber Security Centre and IT specialists working on behalf of the HSE.
The groups will ensure that the tool will not further damage the HSE's systems and say that the process will take some time.
There is some evidence that the tool works and the Irish Government said that the decryption tool may get hospitals and the health care sector back to normal sooner.
However, the organized cybercrime group retains the private patient information obtained during last week's attack and can still put the information and other medical records into the public domain. Alternatively, the cybercrime group can sell the information to other criminals for extortion or blackmail purposes.
The National Cyber Security Centre and An Garda Síochána believe that Russian cybercrime group "Wizard Spider" is behind last week's attack.
The group, which is reportedly based in St. Petersburg, uses three different types of ransomware to commit cyberattacks - Trickbot, Ryuk, and Conti.
The group used Conti ransomware during the attack on the HSE and appeared to post a message online confirming that they had sent a decryption tool to the HSE.
"We are providing the decryption tool for your network for free but you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation."
Cybercrime experts say that gangs often provide victims with a decryption key as proof that they were behind the attack and as a reminder that the data that they have stolen is the more valuable asset.
The group has demanded a ransom of $20 million in exchange for the data stolen during the attack.
Minister for Health Stephen Donnelly said that the Irish Government did not pay a ransom for the decryption tool and maintained that the Government would not pay a ransom for the return of the stolen data.
The Government also issued a similar stance in a statement on Thursday evening.
"It is to be emphasized that the Government has not paid a ransom and will not pay a ransom in respect of this crime. This has been the firm position of the Government from the outset and it will continue to maintain that position," the statement said.
The Government has contacted the Russian authorities over the hack and the damage it has caused to the Irish healthcare system, while it is also liaising with the FBI, Interpol, Europol, the UK National Crime Agency, and other law enforcement bodies.
The HSE has additionally secured a High Court injunction preventing the cybercriminals or any other organization or individual from sharing, processing, or selling the information obtained during the attack.
HSE CEO Paul Reid told the High Court that the HSE fears that all of its data "is potentially compromised" following the attack and said that there was an imminent risk that confidential medical records will be made public.
Reid described the impact of the attack as "catastrophic" and "stomach-churning".
The High Court injunction also applies to social media platforms like Facebook and Twitter in the hope that it will limit the gang's ability to disseminate private information.
Donnelly said that the High Court injunction makes anyone in possession of the information obliged to hand it over.
He acknowledged that the cybercriminal gang behind the attack will not be fazed by the injunction but said that it should prevent other people from sharing the information out of their own interests.
The cyberattack, which took place in the early hours of Thursday, May 13, has been described as the most significant cybercrime attack on the Irish state. The attack caused most Irish hospitals to switch from electronic paperwork to manual paperwork and caused widespread disruption and cancelations to elective surgeries and virtual appointments in hospitals throughout the country.
Comments