The National Cyber Security Centre of Ireland (NCSC) believes that the attack on the country's Health Service Executive (HSE) was most likely carried out by a group that is allegedly based in Russia.
The HSE said on May 14 that its IT systems were shut down after a hacker attack. The country's health ministry later announced that it was also cyberattacked on May 13.
On May 15, the American technology news site Bleeping Computer posted a message from hackers purportedly addressed to the HSE. In it, the attackers claim to have gained access to the HSE network more than two weeks ago. They are demanding a $ 20 million ransom for more than 700 gigabytes of personal data. The Irish authorities refused to pay the ransom.
According to local TV channel RTE, the Irish cybersecurity services believe that the attack was carried out by the Wizard Spider hacker group, which is allegedly based in St. Petersburg. It is reported that local officials have already contacted the Russian authorities. The Russian Ambassador to Ireland Yuri Filatov condemned the cyberattack and offered the government assistance in investigating the case.
The channel also reports that hackers provided the country's authorities with decryption keys, but in messages addressed to HSE employees, the attackers said that if they were not contacted, they would publish or sell personal data.
According to the channel, the attackers could have been pressured by the country or countries where they are based due to the damage done to the health care system in Ireland.
It is reported that the received keys are checked by an IT company hired by the HSE, and experts have reason to believe that the keys are genuine. However, they will not be used until they have passed a full malware scan. According to RTE, this is likely to take several days.
The West has repeatedly accused the Russian Federation of interfering in internal affairs and cyber attacks. Russia has denied all the charges, saying that Western countries have not provided any evidence. Moscow has repeatedly stated that it is ready for a dialogue on cybersecurity.