"While it may take weeks to get all systems back, steady progress is being made," the Irish health minister, Stephen Donnelly, said in a Twitter post on Monday following the ransomware attack that took place last Friday. "Hundreds of people are working flat out in response to this despicable cyber attack on our health system and on patients. We're focused on getting health services and appointments for patients back on track as quickly as possible." The government shut down all the IT systems in the country's healthcare network as a precautionary measure when it discovered the attack.
It was actually an attack on both the Health Ministry and the Health Service Executive, the country's healthcare system. HSE Chief Executive Paul Reid said the cost of restoring the IT system is estimated at tens of millions of euros. According to the minister, the emergency network and the COVID-19 vaccine network are running again. But there were widespread cancellations of cardiac checks, radiotherapy appointments, x-rays, CT scans and processing of non-emergency blood tests.
The Bleeping Computer website, a partner in Europol's "no more ransom" project, published a screenshot of a chat between its reporters and the Conti ransomware gang (which is behind the ransomware of the same name, and is also known by the name Wizard Spider) in which they requested an amount of nearly $20 million in exchange for providing the decryptor and deleting the stolen data without publishing it. Irish Prime Minister Taoiseach Micheál Martin officially announced that he refuses to pay the ransom.
The attack on the Irish health services was the latest in a growing series of attacks on healthcare systems worldwide as cybercriminals recognize the pressure that these services are under during the global pandemic, and therefore see them as more vulnerable and more likely to pay ransom. A report published by cybersecurity company Check Point at the end of January found that during the two months before the publication, there was an additional 45% increase in these attacks compared to previous months, more than double the 22% overall growth in cyberattacks on all sectors worldwide during the period.