Ireland's Health Service Executive (HSE) has ruled out giving in to hackers' demands as the country's healthcare and social services continue to deal with the disruption caused by a significant ransomware attack that occurred a few days ago.
The HSE has now confirmed that a ransom has been sought by the attackers, although the exact amount is yet to be clarified. "Following an initial assessment we know this is a variant of the Conti virus that our security providers had not seen before. A ransom has been sought and won't be paid in line with state policy," the HSE said.
Patients will also see delays in getting their COVID-19 test results, and contact-tracing, while still operating as normal, will take longer than usual.
COVID-19 vaccination appointments are going ahead as normal, maintained the health services, encouraging those booked in for a jab to attend their appointment as planned.
Emergency departments, sexual assault treatment units and the national ambulance service are still operating.
The impact of the attack varies across hospital and community services nationwide, with teams on the ground working to re-deploy staff and re-schedule procedures and appointments as needed, said the HSE.
The organization has been working with the National Cyber Security Centre (NCSC) and third-party cybersecurity experts like McAfee to investigate the incident. The attack was identified as a human-operated ransomware variant known as "Conti", which has been on the rise in recent months.
Conti operates on the basis of "double extortion" attacks, which means that attackers threaten to release information stolen from the victims if they refuse to pay the ransom. The threat of data exposure gives the attackers additional leverage to pressure victims into meeting their demands.
Instead, the NCSC has recommended a remediation strategy that involves containing the attack by isolating the systems that were hacked, before wiping, rebuilding and updating all the infected devices. The HSE should then ensure that antivirus is up to date on all systems, before using offsite backups to restore systems safely.
Priority is given to key patient care systems, including diagnostic imaging, laboratory systems and radiation oncology, and some systems have already been recovered.
"Some progress has been made on getting servers cleaned, restored and back online. This is in line with the pace we had anticipated, and is a stepped, methodical process, to mitigate the risk of re-infection. We are also looking at interim solutions to get some servers back online in a proven safe way," said the HSE.
But while it is clear that data on some servers has been encrypted, the organization conceded that the full extent of the issue is unknown at this point.