Irish Prime Minister rules out paying ransom to cyber gang after health service attack

The Conti ransomware operators have reportedly demanded a $20 million ransom from HSE

Irish Prime Minister Micheál Martin said on Monday that the government would not pay any ransom to the cyber criminals who attacked the Ireland Health Service (HSE) last week and disrupted health services across the country.

"We're very clear we will not be paying any ransom or engaging in any of that sort of stuff," Martin said according to broadcaster RTE.

The Conti ransomware gang has demanded a $20 million ransom from HSE, BleepingComputer reported on Monday, saying it had seen a screenshot of a chat session between Conti and Ireland's HSE in which Conti operatives said they would provide a decryptor and delete the stolen data if a ransom of $19,999,000 is paid.

The alleged ransom note suggested that the gang had encrypted SQL servers and file servers and exfiltrated more than 700 GB of confidential data including phone numbers and the addresses of doctors, nurses and patients.

The Conti ransomware gang emerged about a year ago. In March, British clothing brand FatFace reportedly paid $2 million (about £1.5 million) ransom to the Conti gang, following a ransomware attack.

The Irish government's National Cyber Security Centre (NCSC) also confirmed on Monday that the attackers used Conti ransomware to encrypt HSE's systems.

In a statement on its website, the agency said that it was working with the European Union and other allies to ensure that the Irish Health Service "has immediate access to international cyber supports".

The NCSC further revealed that the same group of attackers had also attempted to compromise the network of the Irish Department of Health, although the malicious activity was thwarted by the agency's cyber security experts before the ransomware executed.

The attack on HSE network was publicly disclosed on Friday when the organisation said that it had shut down all its IT systems after being hit with a "significant" cyber attack that affected diagnostic services and forced many hospitals to cancel appointments.

HSE chief Paul Reid said the incident was having a major impact on all local and national systems involved in core services. Dublin's Rotunda Hospital cancelled outpatient visits following the attack, except for women 36 weeks pregnant or more.

Services at the National Maternity Hospital (NMH) were also disrupted, although NMH said that people with an appointment may visit the hospital as normal.

The cyber attack did not affect the National Ambulance Service or the system for Covid-19 vaccinations.

On Monday, the HSE said that there were "serious concerns about the implications for patient care arising from the very limited access to diagnostics, lab services and historical patient records" and that the disruption of health services was "very likely to go well into this week".

"Hospitals and community services nationwide are seeing varied impacts, but all teams are responding with contingency arrangements, including redeploying staff, rescheduling some procedures and appointments, and adjusting processes as needed," the HSE noted.

"The defence forces will now assist and support the HSE in the deployment of end point devices such as servers, desk tops, PCs at locations nationwide. They will also provide operational support nationally to the HSE."