A ransomware gang that launched a “catastrophic” cyber-attack against the Irish health system is now reportedly helping in its recovery.
The attack on the Health Service Executive (HSE) of the Republic of Ireland, carried out with Conti ransomware, started when a single computer stopped working and its user responded to a prompt to click on a link.
HSE was alerted to the attack at 4am on May 14 and subsequently shut down all of its IT systems nationwide. The closure caused the cancellation of appointments, including maternity scans, radiology services and outpatient appointments.
A ransom of $20m was demanded by the attackers to restore files that were encrypted in the attack. The Irish government has said that it has no intention of paying the cyber-criminals who hit the HSE.
On its site on the dark net, the ransomware gang said it would give the decryption tool needed to restore the files to the health service free of charge. However, the gang is still threatening to publish data it claims to have stolen during the attack unless a ransom payment is received.
“We are providing the decryption tool for your network for free,” wrote the gang, “but you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation.”
Ireland’s minister for health, Stephen Donnelly, said that the ransomware gang’s unexpected gift was being trialed.
“No ransom has been paid by this government directly, indirectly, through any third party or any other way. Nor will any such ransom be paid,” he told Irish broadcaster RTÉ.
“It came as a surprise to us. Our technical team are currently testing the tool. The initial responses are positive.”
In an interview with Malwarebytes, an Irish doctor dealing with the fallout from the attack said: “I have to tell patients, sorry I can’t operate on you. You’ve been fasting, you came a long distance, you rescheduled things to make time for me, maybe you have had to come off work. After all this I have to say sorry, I can’t see you.”