The Conti ransomware gang appears to have offered a free decryption tool to Ireland's public health system (HSE), which it breached last Friday. However, the hackers warn that they will sell or publish the data they stole from the systems if they do not receive a ransom.
The Ministry of Health was able to stop the attack, but the HSE was forced to shut down its IT systems to prevent further device encryption.
This shutdown of IT systems created various problems, as many hospitals could not access patient records.
The hackers provided a free decryption tool
The ransomware gang posted a link on its chat/negotiation page that led to a free decryptor.
However, the hackers insist they will sell or publish the stolen data if a ransom of $19,999,000 is not paid.
"We provide the free decryption tool for your network. But you have to understand that we will sell or publish a lot of private data if you do not connect us and try to resolve the situation," says the Conti ransomware gang on the Tor payment site.
Experts have confirmed that the decryption tool is valid and that the data is actually decrypted.
Since the initial attack, there has been no further conversation between the HSE and the Conti ransomware gang.
The safest approach is still to restore systems from backups, but the hackers' decryption tool can be used to recover data that is missing from the backups.
The Irish government knows about the free decryptor, but will carry out a technical analysis of the tool to detect possible malicious properties.
The decryption tools offered by criminals are usually buggy and slow to decrypt victims' files. The security company Emsisoft has created a "Universal Decryptor" that is twice as fast at decrypting files.
However, although the HSE can now recover encrypted files, there is still a big problem, as there is a risk of leaking sensitive data.
Source: Bleeping Computer