Hackers forced Ireland to shut down most of its healthcare-related IT systems last week after the country refused to pay a $20 million Bitcoin ransom.
“A ransom has been sought and won’t be paid in line with state policy,” an Ireland’s Health Service Executive (HSE) spokesperson told the Financial Times.
The attack left doctors unable to access patient records. In a tweet last Friday, HSE said the ransomware affected processing referrals from GPs and other contact appointments.
HSE asked healthcare workers to turn off their laptops and for hospital workers to manage patient records with pen and paper, the report said.
During a podcast relayed by FT, HSE chief Paul Reid said the move to shutter networks was a precautionary measure to a sophisticated cyberattack.
Reid said Irish police were assisting HSE along with defence forces and third-party security firms. HSE noted the cyberattack hadn’t affected COVID-19 vaccinations.
Tests already booked are also uninterrupted, with emergency departments and national ambulance service open for emergencies.
Non-emergency radiation treatment, X-rays, and physiotherapy services were however reportedly cancelled.
BleepingComputer shared evidence over the weekend linking Ireland’s ransomware attack to Russian hacking unit WizardSpider, which appears to have deployed the Conti malware kit.
The hackers set the Bitcoin ransom at $20 million.
DarkSide goes dark after collecting Bitcoin ransom
Ireland’s ransomware attack comes just as major US fuel carrier Colonial Pipeline fully recovered from its own run-in with Bitcoin-hungry hackers.
Colonial similarly closed operations in response to the threat. However, the New York Times later found the company paid $5 million in Bitcoin to the hackers just hours after it was hit on May 7.
Now, Eastern European hacking crew DarkSide has claimed their infrastructure is down at the hands of an unspecified law enforcement agency.
“In view of the above and due to the pressure from the US, the affiliate program is closed,” said DarkSide in a translated version of its note, shared by Intel471.
DarkSide told partners they’ll receive decryption tools for companies hit with ransomware but yet to pay up.