Irish High Court serves HSE hackers an injunction to block data leak

The Irish High Court has issued an injunction against the hackers responsible for last week’s cyber attack on Ireland’s national health and social services provider, the Health Service Executive (HSE).

Responsibility for the attack has been attributed to the Conti hacking group, which had signed off on the ransomware notes as the “Contilocker gang”, demanding a payment of $19,999,000 (over £13 million). The Irish government has so far refused to pay the ransom demand.

The Conti hacking group, which was previously blamed for an attack against the Scottish Environment Protection Agency (SEPA) on Christmas Eve, provided the HSE with a free decryption tool earlier this week, adding that “it will sell or publish a lot of private data if [the HSE] will not connect us [sic] and try to resolve the situation”.

This prompted the HSE to apply for an injunction against the hacking collective, with the Irish High Court ordering the hackers to cease sharing the stolen data, giving them 42 days to identify themselves and enter an appearance to the proceedings, according to the Irish Times.

The legal document aims to prevent the group from selling, processing, publishing, or sharing the stolen HSE data, which includes private medical information related to HSE patients, as well as payroll and HR data of its employees.

However, with no postal or email address attributed to the off-the-radar cyber criminals, the injunction had to be posted onto a website on the dark web thought to be associated with the hacking group.

Although it's an uncommon practice, securing a court injunction against anonymous hackers has precedent, most notably in the case of a cyber attack against London-based shipping company Clarkson PLC in 2017, as well as a second case involving a company who opted to remain anonymous, referred to in court documents by the acronym PLM in 2018.

On Thursday, the HSE released a statement detailing the impact of the ransomware attack, saying that it had had “a significant impact on hospital appointments”, with continued “major disruptions”.

“Slow but steady progress is being made in assessing the impact and beginning to restore HSE IT systems. This work will take many weeks and we anticipate major disruption will continue due to the shutdown of our IT systems,” the Irish health service provider added.