
File image of Health Minister Stephen Donnelly. Rollingnews.ie

Initial results 'positive' in testing decryption tool to unlock data, Health Minister says

A decryption key was made available yesterday but Donnelly said “no ransom has been paid”.

THE HEALTH MINISTER has described as “positive” the initial results from testing the validity of a decryption key that may help the HSE to unlock its IT systems.

The government said yesterday that the tool was made available online. A “detailed technical process” then began to ensure that the key is genuine and will not cause any further damage to the HSE systems.

The HSE shut down its IT systems last Friday after it became aware of a significant ransomware attack.

Stephen Donnelly said security contractors are “testing the validity of the key” at the moment. 

“The initial results are positive, but obviously it’s a detailed, technical piece of work,” the Health Minister told RTÉ radio’s Morning Ireland. 

“And we need to be absolutely sure that this will help restore the health systems, rather than potentially cause further harm. So work is ongoing on that at the moment.”

The minister said it’s “unclear” why this decryption tool was made available. 

“It came as a surprise. We became aware yesterday afternoon that the key was being made available on a site which is linked to this criminal gang.

“Our technical group obviously then obtained that key, and are currently testing it.”

The Journal reported yesterday that the ransomware attack started when a single computer stopped working, causing its user to reach out for help by clicking on a link.

Donnelly said “no ransom has been paid by this government directly, indirectly, through any third-party or in any other way, nor will any such ransom be paid”. 

Reports said the hackers have threatened to release the data if a ransom is not paid by next Monday, a threat Donnelly said is being taken “very seriously”. 

“There obviously have been redacted pieces of information put up on the dark web to this point. Because it’s an ongoing criminal investigation, we can’t confirm whether the records are genuine.

“However, as people will be aware, it is entirely possible and this sort of approach is quite standard procedure in these kinds of attacks.”

Injunction

Yesterday, the HSE acquired a court injunction that requires anyone in possession of HSE data to hand it over and not disclose, trade or deal in the information.

Donnelly defended the injunction, saying officials received a “very positive and strong” result from the judge. 

“I don’t imagine that a criminal gang capable of doing what they did to our healthcare system and to patients in our country are going to be too worried about a court order, however it is relevant and very applicable to people here who may seek to share that information themselves, potentially just out of interest or for their own reasons,” he said. 

Donnelly added that there is “good progress being made” in restoring some health systems across services for radiology, local labs and patient administration. 

56 Comments
    Simon F
    May 21st 2021, 9:30 AM

    They paid the ransom only way to get the decryption key.

    200
    Simon F
    May 21st 2021, 9:44 AM

    @Simon F: they will get to about 95% decrypted and then will need to pay another ransom for the last 5%.

    I’m shocked but not surprised that this has happened. I’ve worked in government offices; IT security is a joke: antivirus software poorly managed, non-patched outdated servers, and sub-par firewall configuration. Staff not trained in IT policies and procedures. I’ve worked in primary schools with better IT infrastructure and security.

    130
    Ger Murphy
    May 21st 2021, 10:49 AM

    @Simon F: and how do you know this? Recent similar events with hospital in Germany would suggest that the gang pulled back because of the heat on them. But I guess facts are an annoyance.
    My own theory is Russia has used its influence and will / is expecting a reciprocal gesture from Ireland during its tenure on the security council.

    80
    Stanley Marsh
    May 21st 2021, 11:01 AM

    @Simon F: Not necessarily the case. There have been cases of hackers having a change of heart depending on who / what is affected.

    I do however agree that the IT systems / management of most government agencies are a joke and I would have very little faith in any of them.

    16
    Seán Dillon
    May 21st 2021, 11:20 AM

    @Simon F: Don’t believe so, did similar last month to a major hospital in America. Negotiators told hackers that it was a hospital and they gave them the decryption key. This is bad press for them and they don’t want the pressure, when they realised it was a health care system they made the decryption key available. Personal data still out there though.

    13
    Mike
    May 21st 2021, 12:13 PM

    @Simon F: Or, perhaps the data has already been sold on the darknet, so the hackers got their money either way and shared the decryption because the data is already out in the wild…

    7
    Dave Hammond
    May 21st 2021, 12:28 PM

    @Stanley Marsh: ‘hackers having a change of heart’ ;-). hmm.

    8
    Alan Byrne
    May 21st 2021, 1:35 PM

    @Ger Murphy: Yup. What’s the bets the planning permission for the Russian Embassy gets approved in the near future.

    1
    Simon F
    May 21st 2021, 1:37 PM

    @Dave Hammond: Yeah, I highly doubt a criminal organisation just gave up and provided the key with such leverage. Maybe a deal was struck, who knows.

    1
    David foley
    May 21st 2021, 2:22 PM

    @Simon F: This is not the only way of getting the decryption key; many times in the best gangs would release the Decryption key for free, this month alone a decryption key was released on the Tor Network. The gang have what they wanted personal health data, which could be dumped online or sold to health insurance companies.

    2
    Tom Hickey
    May 21st 2021, 9:34 AM

    They paid up….

    88
    Johnny
    May 21st 2021, 11:44 AM

    @Tom Hickey: Unlikely, if the group are still threatening to release patient data on Monday. The decryption keys have been made available in other hospitals to get critical systems back up running, without any ransom being paid.

    18
    Michael Healy
    May 21st 2021, 9:32 AM

    Wonder was a backdoor deal done to get the decryption key from the hackers.

    67
    Tony Lyons
    May 21st 2021, 9:38 AM

    @Michael Healy: I doubt we will ever know the answer

    44
    Geoff Bateman
    May 21st 2021, 9:56 AM

    @Tony Lyons: as usual

    20
    Fr. Fintan Stack
    May 21st 2021, 10:23 AM

    @Michael Healy: Back door deal with the Russian embassy?

    7
    Tom Ripley
    May 21st 2021, 10:36 AM

    @Tony Lyons: eventually we will know. But yes they paid.

    6
    Twitruser2021
    May 21st 2021, 9:40 AM

    Why not try a reverse hack on them. Here is your bitcoin please click to open…. Hahaha you been h@¢ked

    86
    Bill Spill
    May 21st 2021, 10:12 AM

    @Twitruser2021: I love this lol!

    14
    May 21st 2021, 9:32 AM

    Unlocking it is all well and good, but they still have all our sensitive data and the Gov has done nothing to stop it being sold.

    40
    Adrian O'Donnell
    May 21st 2021, 9:39 AM

    What can they do? These guys are untraceable and beyond the reach of our legal system. What it does highlight is that despite the vast sums annually pumped into the HSE, they were horribly caught with their IT pants down. All staff should have been properly trained to address any anomalies that might arise and certainly should be going forward.

    86
    Tom Ripley
    May 21st 2021, 10:37 AM

    @Adrian O’Donnell: well untraceable to us but not to our friends. We don’t have the capability the United States would have. They would know who is at it. But outside our borders means untouchable

    7
    Stanley Marsh
    May 21st 2021, 11:07 AM

    @: Well they did get a court injunction yesterday which you might scoff at but what precisely would you have them do?

    Even in summer a ground offensive into Russia would be a tough ask for Oglaigh na hEireann….

    13
    Johnny
    May 21st 2021, 11:47 AM

    @: Oh no, some Russian hackers or someone bothered enough to go hunting on the darkweb will know that I got a mole removed in 2016 and broke my arm when I was 10!
    Unless you’re a celebrity/public figure, you shouldn’t care. I doubt your neighbour is going to go on the darkweb to see about your GP check-up history.

    6
    Stanley Marsh
    May 21st 2021, 11:54 AM

    @Johnny: And unlikely any celebrity / public figure would be going anywhere near the HSE.

    Blackrock Clinic and the like more likely.

    4
    martin.
    May 21st 2021, 1:33 PM

    @Stanley Marsh:

    2
    John Egan
    May 21st 2021, 9:41 AM

    Is Ireland the first country where the National healthcare system has been hacked? Obviously many private businesses have been. But a National healthcare system, how did the hackers, as sophisticated as they are, decide on Ireland’s healthcare system to exploit?

    33
    Alan Watts
    May 21st 2021, 9:44 AM

    @John Egan: NHS had a major hack not so long ago no?

    43
    Eoin O'Neill
    May 21st 2021, 9:55 AM

    @John Egan: same ransom style hack by different means hit the NHS a year or 2 ago. This HSE one was a new method.

    13
    John Egan
    May 21st 2021, 9:59 AM

    @Alan Watts: yeah, looked it up. 2017 was the last one (warnings of attempted attacks last year). US pipeline was hacked this year but is private company. Old operating systems WXP & Wserver2003 were High risk.

    2
    Alan Watts
    May 21st 2021, 10:13 AM

    @John Egan: hopefully the nukes are unhackable

    4
    John Egan
    May 21st 2021, 10:38 AM

    @Alan Watts: ha. Can see it now, Iranian nukes controlled by Windows 98

    1
    Dave Hammond
    May 21st 2021, 12:36 PM

    @John Egan: healthcare is a sector that gets regularly targeted because govt have a lot of money at their disposal and can be embarrassed into actions – there are thousands of attacks on this scale daily – govt sectors – big business and orgs and then smaller SMEs are all victims every single day – this one gets all the media coverage but in truth we are no different than every other country – the criminal gang are likely to give them a get out of jail key once they get paid – don’t believe this nonsense about a ‘change of heart’ by the criminals – but don’t expect anyone to admit to paying ransoms either – they will either spend a lot of time and a lot more money or they will ‘arrange’ for a magic key to be given to them for free ;-) whatever you want to believe really

    3
    AA
    May 21st 2021, 1:38 PM

    @Alan Watts: the NHS was infected during the global wannacry hack, but it was not the target!

    1
    Terry Cahill
    May 21st 2021, 9:40 AM

    Sinn Fein intervention … leave it to us … All sorted .

    28
    Martin Galvin
    May 21st 2021, 10:28 AM

    @Terry Cahill: Closed-Community Policing …’No-one will harass you anymore, walking the streets, and no anti-social behaviour will be tolerated …. including hacking’ :)

    3
    John Mc Donagh
    May 21st 2021, 11:17 AM

    @Martin Galvin: No, you got it all wrong Paul rang them in return for his dad’s slot on the Journal this morning. That sorted it—Don’t laugh—He sorted out Greece’s problems. WeLL DIDN’T HE?

    1
    Gerard
    May 21st 2021, 9:49 AM

    All the armchair experts out in full force, giving their expert opinions on how the ransom was paid.

    If the same key is used for encryption and decryption, at some point it must have been on the computers in question to perform the encryption. With sufficient motivation and resources it’s entirely possible it could be recovered.

    If a different key was used for encryption and decryption, public key cryptography is crackable by definition of how it works. The effort in doing so is what makes it unfeasible.

    And in either or neither case, knowing part of the unencrypted contents (which the HSE would) would assist in cryptanalysis.

    21
    Ixtrix Net
    May 21st 2021, 10:11 AM

    @Gerard:
    any idea how long it can take to brute force a key?

    4
    JMcB
    May 21st 2021, 10:14 AM

    @Gerard: the article says the hackers posted decryption key publicly on their website

    12
    Gerard
    May 21st 2021, 11:36 AM

    @JMcB: my point is people are saying it’s not possible to recover such a key without the attackers. This is not true. And they also seem to know we paid the ransom, based on their own hunch.

    It’s extremely expensive (computationally) but it can be done, unless you use a key as long as the data itself (a one-time pad)

    Every other encryption method, including the ones we use to secure bank transactions, is vulnerable. We just trust that no attacker will be resourceful enough to be able to devote enough resources to decrypt it in any meaningful amount of time.

    2
    Diarmuid O'Braonáin
    May 21st 2021, 3:40 PM

    @Gerard: You’d need a supercomputer to do it and it could take a long time even at that…

    1
    Andrew English
    May 21st 2021, 9:40 AM

    Fair play to the hackers for giving us a decryption key FOC.

    21
    Max Power
    May 21st 2021, 10:37 AM

    I wouldn’t be blaming the HSE staff … half of them wouldn’t know where the any key to continue is on the keyboard…

    20
    Pavel Shipilov
    May 21st 2021, 9:44 AM

    The more I hear about what our government does in relation to the mess created by hack, the more I get the impression that it is a bunch of clowns trying to run the circus. I see no end of this anytime soon.

    57
    JMcB
    May 21st 2021, 10:11 AM

    So the kidnappers take your kid, demand a ransom, you refuse to pay, they let your kid go. I’ll call off Liam Neeson so

    14
    Albert Brennerman
    May 21st 2021, 9:44 AM

    It’s good news. If they paid they had to pay. Hard see any other reason.

    5
    Ronan Castled
    May 21st 2021, 11:16 AM

    A great bunch of lads these hackers, only having the bants

    6
    Tom Gavin
    May 21st 2021, 11:32 AM

    @Ronan Castled: what does that mean?

    5
    John Hagin Meade
    May 21st 2021, 11:25 AM

    My opinion is as follows: The decryption key is capable of working but it also has a hidden switch to activate another dormant zero-day malware already in the systems that will do much more damage. Then the ransom demand will be multiple times the current ask of $20M. There can be no other explanation as to why the key was given for free. If the ransom had been paid then a similar key, without the hidden switch, would have been supplied. I sincerely hope I am wrong

    4
    Johnny
    May 21st 2021, 11:54 AM

    @John Hagin Meade: Well, there can be another explanation, as groups like this have given decryption keys for free in the past to hospitals and other groups where people’s lives were at stake.
    And your fantasy scenario makes no sense, as the data just ends up encrypted again, so the whole endeavor was pointless if it ends up back where it started. There is no such thing as “more damage”, it’s either encrypted or it isn’t. If they wanted more money, they can just ask for it the first time, rather than encrypting, then decrypting, then encrypting again. And putting in place daily backups of any critical data (rather than possibly weekly/monthly before), then a future encryption of the data would mean minimal disruption. Plus NetSec can be on higher alert and identify any vulnerabilities that lead to the initial access.

    6
    John Hagin Meade
    May 21st 2021, 4:29 PM

    @Johnny: “There is no such thing as “more damage”

    A malware routine to max-out components such as hard disks, CPU or memory modules to cause them to fail is one possibility. Another one is to have the hard disk reformatted when the PC’s are next restarted, such as after an update. While this would not affect the backups that are now being made it would render all the machines unusable and require a full reload/reinstallation of software which is very time consuming. Many years ago the formatting of the hard disk happened to my daughter’s computer due to a virus that only triggered on a Friday when the date was 26. Everything had to be restored. I don’t think these evil hackers will just go away quietly.

    1
    Diarmuid O'Braonáin
    May 21st 2021, 3:37 PM

    Ok so this really sums up the situation.
    1 – HSE refuse/make no effort to ensure IT systems are secure despite repeated warning.
    2 – HSE gets hit with ransomware by Russian hackers
    3 – HSE refuse to negotiate with hackers
    4 – Hackers release HSE data on the dark web, no answer from HSE
    5 – Hackers give the HSE tool to decrypt data but are going to sell it online. HSE ignore them.
    6 – HSE go to IRISH high court and get a court order forbidding anyone to handle the stolen data.
    7 – HSE ignore hackers

    Now the gas thing here about the court order is this. It won’t do a damn thing to stop the hackers but it’s an attempt to head off people suing the HSE over the data breach. If you have the data on your laptop and see your information then it’s illegal and the HSE lawyers will come after you for having possession of the data. So if you were to take the HSE to court over the data breach then you cannot prove in court with 100% accuracy that your data was stolen.

    It’s like the HSE had a shed full of pigeons and left the door open and they are gonna sue anyone who is in possession of one of their pigeons. Even though they left the door open…..

    4
    Shane Cormican
    May 21st 2021, 10:23 AM

    You’re welcome lads!!

    2
    Diarmuid O'Braonáin
    May 21st 2021, 3:47 PM

    The HSE just sent the hackers the link to the IRISH high court order. This was the reply for the hacker “?”

    They still don’t get it. An Irish court order against a bunch of Russian hackers… pointless.

    1
    Life in no motion
    May 21st 2021, 11:47 AM

    Thumbs up!

    1