Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


HSE Given Conti Decryptor, High Court of Ireland Hopes to Stop Stolen Data from Spreading

Health Service Executive (HSE), a provider of public health and social care services to residents of Ireland, was disrupted last week after an infection by Conti ransomware. After the initial ransom demand, the threat actors have seemingly changed their minds and gave HSE a decryptor without a ransom payment. Unfortunately for HSE, the threat actors didn’t have a total change of heart as they are still demanding payment to withhold the stolen data. In an effort to control or at least slow the spread of the stolen data, the High Court of Ireland issued an injunction barring any “sharing, processing selling or publishing” data stolen from HSE during the attack. While this is not likely to stop the group behind Conti or any other ransomware group from publishing victim data, the order is meant to prevent “legitimate information service providers” such as Google, Twitter, or news publications from sharing any of the data in their reporting.

Analyst Notes

Unfortunately, any legal orders issued are extremely unlikely to be followed by the criminal groups responsible for the attack on HSE’s network. Though often redacted where necessary, news publications often share screenshots taken after downloading the published data or taken from screenshots being offered by the actors as proof on their leak sites. The High Court of Ireland’s order will still allow publications to report on the attack but is meant to contain the access and spread of the stolen information as much as possible. HSE chief executive Paul Reid has said that he fears all HSE data is compromised. Binary Defense recommends that anyone who has made use of HSE’s services stay vigilant in the coming months for possible scams that could be related to health concerns shared with HSE. If contacted by phone, verify who you are speaking with or call the health care organization yourself before giving out any sensitive information. Pay close attention to the sender on any emails received as well. Because HSE is not yet aware of what data has been compromised, patients should also keep a close watch on bank statements in case of payment data being compromised.