HSE officials hope a tool developed by a New Zealand company, which has been offered to the state for free, will significantly speed up systems restoration following ransomware attacks in recent weeks.

On Thursday, after the cyber attack, the gang gave the HSE a decryption tool to restore healthcare systems which had been rendered useless by malware known as Conti.

Officials on Friday concluded that this tool is genuine and that it works, but that the software is flawed and faulty. Restoring systems using the tool is likely to take weeks, and it may be faster to manually restore systems from backup instead of using it.

There were also concerns that the software supplied by the gang might contain backdoors which could allow further attacks.

Contractors working for the National Cyber Security Center (NCSC), which is leading the response to the attack, are now evaluating a tool provided by New Zealand cybersecurity company Emsisoft, which may be able to restore the systems two times faster.

The tool extracts the decryption key from the software provided by the hackers and puts it into a custom-built package made by the company, which should be much more efficient and much more stable.

It is hoped that the software can run twice as fast as the tool provided by hackers.

However, officials believe that even with this upgraded software it will still take a few weeks to restore and check all the systems. The current plan is to decrypt critical systems first before moving on to administrative systems and other less urgent systems.

The threat of the criminal gang, known as Wizard Spider, leaking sensitive data from HSE systems if it does not receive a ransom remains unresolved. The government has insisted that no ransom will be paid.

The Emsisoft decryption tool was provided to the HSE free of charge as part of an assistance program the company provides to healthcare agencies that have been victims of cybercrime during the Covid-19 pandemic.

A spokesman for the Communications Department, which oversees the NCSC, said private cybersecurity firm FireEye is coordinating the response and that its team has performed a number of functions to ensure HSE priority systems are restored as soon as possible.

This includes work related to using the decryption tool released yesterday to enable it to be securely placed on the HSE network. FireEye is supported on this task by the NCSC.

Emsisoft threat analyst Brett Callow said he could not comment on any assistance the HSE is providing.

Asked why cybercriminals handed over the decryption key, he said there were several possible reasons, including that the gang was not completely without a degree of humanity.

He said it was also possible the gang had been under pressure from the government of the country where it is based. Such governments often turn a blind eye to attacks on private business, but may feel that an attack on a country’s health service is an excessive step.

A security source said the gang was thought to have released the key as a kind of expression of goodwill, which the criminals hope will increase pressure on the government to pay the ransom and prevent the publication of sensitive data.

There is currently no appetite among officials to pay any reward, they said.

According to a report released by the FBI on Thursday, Conti ransomware attacks are on the rise. It said there have been 16 such attacks on U.S. health care and emergency service agencies alone over the past year.