by comex 1647 days ago
> On the same day, the Attacker posted a link to a key that would decrypt files encrypted by the Conti ransomware. [..] Without the decryption key, it is unknown whether systems could have been recovered fully [..] but it is highly likely that the recovery timeframe would have been considerably longer.

Is the implication that they paid the ransom?

The report seems to go out of its way to avoid stating why the attacker posted the decryption key.

3 comments

The health minister at the time explicitly stated that they did not pay the ransom, directly or indirectly (e.g. via a third party) although realistically not easily verifiable.

The discussion at the time was the perpetrators didn't expect to have the effect they did, effectively halting the entire health service for several weeks to months. I think the ethics element as the other commenter stated is a valid one, as one is playing with another's life when you interfere with medical operations, routine or otherwise.

Another theory floating around was that the publicity was good PR for the attackers.

I imagine the hacker was somewhat upset by the fact that the victim seems unlikely to be able to pay up and people are about to start dying soon. Having blood on your hands is not only a different matter ethically, but changes the likelihood of law enforcement actually doing something against you.

Maybe, but unlikely. I think it's more of an "ethics" issue (read: attackers don't want to get more heat than needed and also the HSE would have trouble paying for it)

Usually the ransom is paid by a 3rd party.

Government agency hires a contractor for data recovery, the rate is Ransom + flat rate. They just pay the ransom and recover the data.

The ransom was not paid, to the best of my knowledge, indirectly via a contractor as you stated or directly.

https://www.rte.ie/news/2021/0520/1222857-hse-weekly-briefin...

This is the government-funded news media organisation, akin to the BBC here — but I have sufficient trust that they didn't

Yeah, looks like they did give them the decryption tool.

I just know quite a lot of cases where non-health related systems were hit with ransomware over here, and that was the route they took to recover the data.