Ireland won't pay Russian hackers $20M Bitcoin ransom

Ireland has been hit by Bitcoin ransomware and they aren't going to pay up! So, this image shows a shady looking figure carrying some stolen files!

Hackers forced Ireland to shut down most of its healthcare-related IT systems last week after the country refused to pay a $20 million Bitcoin ransom.

“A ransom has been sought and won’t be paid in line with state policy,” an Ireland’s Health Service Executive (HSE) spokesperson told the Financial Times.

The attack left doctors unable to access patient records. In a tweet last Friday, HSE said the ransomware affected processing referrals from GPs and other contact appointments.

HSE asked healthcare workers to turn off their laptops and for hospital workers to manage patient records with pen and paper, the report said.

During a podcast relayed by FT, HSE chief Paul Reid said the move to shutter networks was a precautionary measure to a sophisticated cyberattack.

This is having a severe impact on our health and social care services today, but individual services and hospital groups are impacted in different ways. Emergency services continue, as does the @AmbulanceNAS. Updated information will be available @HSELive throughout the day.
— Stephen Donnelly (@DonnellyStephen) May 14, 2021

Reid said Irish police were assisting HSE along with defence forces and third-party security firms. HSE noted the cyberattack hadn’t affected COVID-19 vaccinations.

Tests already booked are also uninterrupted, with emergency departments and national ambulance service open for emergencies.

Non-emergency radiation treatment, X-rays, and physiotherapy services were however reportedly cancelled.

BleepingComputer shared evidence over the weekend linking Ireland’s ransomware attack to Russian hacking unit WizardSpider, which appears to have deployed the Conti malware kit.

The hackers set the Bitcoin ransom at $20 million.

Ireland’s Bitcoin ransom demand note (via BleepingComputer).

DarkSide goes dark after collecting Bitcoin ransom

Ireland’s ransomware attack comes just as major US fuel carrier Colonial Pipeline fully recovered from its own run-in with Bitcoin-hungry hackers.

Colonial similarly closed operations in response to the threat. However, the New York Times later found the company paid $5 million in Bitcoin to the hackers just hours after it was hit on May 7.

Now, Eastern European hacking crew DarkSide has claimed their infrastructure is down at the hands of an unspecified law enforcement agency.

The DARKSIDE announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers and would be closing their service. Decrypters would also be provided for companies who have not paid, possibly to their affiliates to distribute. (2/3)
— FireEye (@FireEye) May 14, 2021

DarkSide sought Bitcoin ransoms but gave a 10% discount for Monero.

“In view of the above and due to the pressure from the US, the affiliate program is closed,” said DarkSide in a translated version of its note, shared by Intel471.

DarkSide told partners they’ll receive decryption tools for companies hit with ransomware but yet to pay up.