The Conti ransomware gang has released a free decryptor for Ireland’s health service, the HSE, but warns that they will still sell or release the stolen data.
Ireland’s HSE, the country’s publicly funded healthcare system, and the Department of Health were attacked by the Conti ransomware gang last Friday.
This IT outage has led to widespread disruption in the country’s healthcare system as the HSE recovers from backups, and to concerns that the ransomware gang would soon release patients’ data.
Free decryptor released
Today, the ransomware gang posted a link to a free decryptor in their negotiation chat page for the HSE that can be used to recover encrypted files.
However, the threat actors warn that they will still be selling or publishing the stolen private data if a ransom of $19,999,000 is not paid.
“We are providing the decryption tool for your network for free. But you should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation,” says the Conti ransomware gang on their Tor payment site.
As the ransomware sample used in the attacks on HSE is publicly available, security researcher MalwareHunterTeam and BleepingComputer have confirmed that the decryptor can decrypt files that were encrypted during this attack.
Since the initial attack, there has not been any further conversation between HSE, or someone else who had access to the chat, and the Conti ransomware gang.
While the HSE can now recover encrypted files for free, the ransomware gang’s previous activity suggests that the release of the alleged 700 GB of stolen data is likely imminent.