Ireland said on Thursday that experts were examining a decryption tool that had been posted online that might help unlock IT systems disabled by a massive ransomware attack on its health service operator.
The government said it had not paid and would not pay any ransom in exchange for the purported key. It did not comment on reports that the gang had threatened to make reams of patient data public next week.
Ireland’s Health Service Executive (HSE) shut down its networks last Friday after the attack that it blamed on an international cybercrime gang.
The ransom attack has crippled diagnostic services, disrupted Covid-19 testing and forced hospitals to cancel appointments.
Ransomware attacks typically involve the infection of computers with malicious software. Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.
Specialists from the National Cyber Security Centre were working with private contractors to check the decryption tool to make sure it was not a trick to cause further harm, the government said.
The tool “may support the ongoing work to repair the impact of the cyber-attack on the HSE’s IT systems which has caused huge disruption to our health services,” it added.
Screenshots circulating online on Thursday purported to show an online chat conversation with the hackers offering to decrypt the HSE’s data for free.
Reuters could not confirm the authenticity of the screenshots and it was unclear to whom the hackers were talking.
The screenshots, shared with Reuters by two security researchers, also purported to show the hackers threatening to start selling and publish data on Monday.
Ireland’s minister responsible for e-government, Ossian Smyth, described it as possibly the most significant cybercrime attempt against the Irish state.