Hackers Offer Decrypt Key to Irish Health Service With a Catch

A day after threatening to publicly release patient data, the hackers who targeted Ireland’s health service offered a decryption key that they said could be used to unlock computers infected with ransomware.

While seeming to offer an olive branch — sharing a link to download the decryption key — the group reiterated its threats to disclose patient data unless Irish authorities paid the $20 million ransom demand.

“We are providing the decryption tool for your network for free,” the hackers said in the message posted on Thursday, which was reviewed by Bloomberg News. “But you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation.”

The cybersecurity group MalwareHunterTeam, and the computer security website Bleeping Computer, each said they had verified the decryption key was legitimate and could be used to unlock the files of Ireland’s Health Service Executive. But the disclosure of the decryption key is unlikely to mean the end of the disruption.

Irish authorities said they were aware of the decryption tool and were conducting a technical review to ensure its integrity and to “ensure that this tool would support restoration of our systems and rather than cause further harm.”

“Every effort is being made to restore important aspects of the HSE’s IT infrastructure as soon as possible and the focus remains very firmly on restoring medical services for the many thousands of patients in need of them,” the government said in an emailed statement.

“It is to be emphasized that the Government has not paid a ransom and will not pay a ransom in respect of this crime,” according to the statement. “This has been the firm position of the Government from the outset, and it will continue to maintain that position.”

A health ministry spokeswoman said in a text message that it wasn’t yet clear what personal data, if any, had been stolen from the ministry’s systems. She said a mapping exercise is underway to determine the potential risk to individuals should any data be disclosed online, and the department is also developing a protocol to communicate with individuals if personal data is affected.

As a precaution, she said, the ministry is encouraging stakeholders to be on the lookout for suspicious activity around their personal data.

Brian Honan, head of Ireland’s Computer Security Incident Response Team, said whether the encryption key works or not, hospitals and other affected organizations “will still have to restore all their systems step by step.”

“Otherwise they have no guarantee that a backdoor or other malicious piece of code has been left on their systems by the criminals to enable them to get back in again at a later date,” he said. Honan added that the situation was “still quite serious. Many systems are still offline as the response teams work their way through restoring affected systems.”

The online messages from the hackers show that they demanded $19,999,000 in payment; that figure couldn’t be confirmed with Irish authorities.

Last week, Ireland’s hospitals were forced to shut down many of their computers after the hackers gained access to the health service’s systems, encrypted patient data so that it was inaccessible and demanded payment to unlock the files.

The incident has paralyzed some hospitals, resulting in the cancellation of services including some cancer patients’ consultations and disrupting radiology and diagnostic systems. Hospital staff have been carrying out much of their work using pen and paper instead of their computers. Emergency rooms are open but dealing with significant delays due to the fallout from the attack.

In an online message sent on Wednesday and reviewed by Bloomberg News, the hackers told representatives of the country’s Health Service Executive that if they couldn’t reach an agreement soon, “we will start to sell and publish your data” on May 24. Previously they had threatened to release the data “very soon.”

The attack in Ireland comes on the heels of several high-profile ransomware attacks in the U.S., including a breach of Colonial Pipeline Co. that squeezed fuel supplies along the East Coast, leading to higher prices and long lines at gas stations. A separate attack on Scripps Health in San Diego has slowed the pace of care and forced the diversion of some patients to other facilities, according to the San Diego Union-Tribune.

In ransomware attacks, hackers encrypt a victim’s computer files and then demand payment to unlock them. Some ransomware gangs now steal victims’ files too and threaten to publish them if payment demands aren’t met, a type of double extortion.
