Irish court issues injunction against Conti hackers to stop health service data exposure, sale

The group has warned that the data will be leaked or sold if a $20 million ransom demand is not met.

Dublin's High Court has issued an injunction against the Conti ransomware group to stop data belonging to Ireland's health service from becoming public. 

In what appears to be an effort at damage control, the injunction against "persons unknown" would make it illegal for information stolen during a ransomware attack against the Health Service Executive (HSE) from being shared, processed, sold, or otherwise published online, as noted by the Financial Times

The ransomware attack took place on May 14. The HSE pulled all of its systems offline to try and mitigate the spread of infection, causing widespread disruption to healthcare services as a consequence. 

Ireland's HSE is responsible for healthcare services across Ireland. While the ongoing COVID-19 vaccination program and ambulance services carried on as normal, some outpatient services -- including those offered by maternity units and X-rays -- were canceled. 

In addition, the healthcare service has warned that delays are possible in receiving COVID-19 test results. 

Irish government officials have branded the attack, thought to be the responsibility of the Conti ransomware group, as possibly one of the most "significant" cases of a cyberattack against Ireland. 

A ransom payment was sought. The FT says the amount requested was $20 million, but in line with Irish policy, officials say it will not be paid

"This criminal ransomware attack has had a significant impact on hospital appointments and there continues to be major disruptions," the HSE says. "We are asking the public to be patient with us, to bear with us, and be aware that our staff are working around the clock to ensure patients receive the best and safest possible care in these circumstances."

The impact of encrypted hospital systems, especially in a time of a global pandemic, is profound enough that the ransomware operators have reportedly offered the HSE a decryption key without payment.

If the tool works, this would allow the healthcare service to potentially regain access to encrypted systems, but there is no guarantee that it will be usable. The decryption software is currently undergoing a technical examination. 

However, this does not mean Conti has given up in its extortion attempt of the HSE. Monday is reported to be the deadline for a potential public data leak, or sale, of the 700GB dataset Conti claims to have stolen.

HSE CEO Paul Reid told the court that all of the organization's data is "potentially compromised," according to Independent.ie.

The health service is currently working to rebuild its crippled IT system. 

"Slow but steady progress is being made in assessing the impact and beginning to restore HSE IT systems," the service says. "This work will take many weeks and we anticipate major disruption will continue due to the shutdown of our IT systems."

In the meantime, a doctor, speaking to Malwarebytes, has spoken of the burden the ransomware attack has placed on staff already overstretched due to the pandemic and a backlog of cases. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0