Ireland examines the key to deciphering the restoration of health systems after a ransomware attack

Ireland is considering a decryption tool to complete the week-long shutdown of its health service computer system and has also obtained a court order preventing it from sharing and publishing stolen data.

Speaking on Thursday evening, the Irish government said it had made a decryption tool available, “which could help with ongoing work [to] fix the impact of cyberattack on HSE (Health Service Management) IT systems “.

As part of the attack, hackers encrypted HSE data so the HSE could not enter it. The tool will allow the HSE to re-access the data if it works.

Similarly, the High Court in Dublin ordered the HSE to prevent anyone from sharing, processing, selling or publishing data stolen by hackers. The HSE said the action was designed to make it illegal for sites like Google and Twitter to share information.

The news came in less than 24 hours that hackers would post and sell patient and other confidential data online unless they paid $ 20 million for Monday. The hack, which began in the early hours of May 14, forced Ireland to shut down most of its health IT systems, causing major disruptions.

Health Minister Stephen Donnelly stressed on Thursday that no bailout had been paid for the decryption key. An online chat watched by FT shows that the key was provided by an account called ContiLocker Team.

Ireland has said the Conti hacker team is behind the attack. The ContiLocker Team account has already shared a sample of 27 files, including information related to 12 people called the Financial Times reported on Wednesday.

The government said the researchers are now “carrying out a detailed technical process to ensure the integrity of this decryption tool… To ensure that this tool will help restore our systems, rather than causing further damage”.

Investigators have not confirmed the leak, but Irish Communications Minister Eamon Ryan, who oversees the National Cyber ​​Security Center, said the FT report was “credible and accurate”.

On Wednesday night the ContiLocker Team warned of entries for a conversation between an unnamed account: “We will start selling and publishing your data on Monday.” Online chat is on the dark web, a section of the Internet that can only be accessed through an anonymous browser known as Tor.

The ContiLocker Team claims to have stolen 700gb of data from the HSE, including patient files, payroll information, bank notes and commercial documents.

The FT examined a physician’s file, which included an individual’s admission report, physician letters, and laboratory reports, as well as family contact details and other personal information. The details of the file matched the publicly available death notice.

Six days after the ransomware attack, doctors warned it is getting the patient’s attention caused by delayed appointments for radiotherapy, X-ray, and cervical cancer screening services, as well as difficulties in accessing patient test results.

Thursday morning was HSE’s top executive, Dr. Vida Hamilton he told Irish radio station RTE that there was a “tremendous risk” in hospitals as a result of the hack. “We don’t know anything about the individual. We don’t have a diagram, we don’t have a record number, ”he said, describing how manual processes introduced“ delay and risk of error ”.

While the hacks have claimed many more victims, including a ransomware attack on a U.S. pipeline that has caused fuel shortages, the study has increasingly turned to the shortcomings that have made HSE vulnerable.

Reports from the Irish Times on Thursday explained how the internal audits were marked “Weaknesses” HSE security controls and disaster recovery protocol three years ago.