{
	"id": "a533c00f-cfd1-48b9-8e40-9268e9e72ca2",
	"created_at": "2026-04-06T00:18:54.61305Z",
	"updated_at": "2026-04-10T03:21:53.44844Z",
	"deleted_at": null,
	"sha1_hash": "58411f20bb91c42361a2e1b59d80f448ccac9c55",
	"title": "Conti ransomware gives HSE Ireland free decryptor, still selling data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3149139,
	"plain_text": "Conti ransomware gives HSE Ireland free decryptor, still selling data\r\nBy Lawrence Abrams\r\nPublished: 2021-05-20 · Archived: 2026-04-05 17:33:04 UTC\r\nThe Conti ransomware gang has released a free decryptor for Ireland’s health service, the HSE, but warns that they will still\r\nsell or release the stolen data.\r\nIreland's HSE, the country's publicly funded healthcare system, and the Department of Health were attacked by the Conti\r\nransomware gang last Friday.\r\nWhile the Department of Health was able to block the attack, the HSE was not as lucky and was forced to shut down their IT\r\nsystems to prevent further devices from being encrypted.\r\nhttps://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThis IT outage has led to widespread disruption in the country's healthcare system as the HSE recovers from backups and\r\nthe concerns that the ransomware gang would soon release patient's data.\r\nFree decryptor released\r\nToday, the ransomware gang posted a link to a free decryptor in their negotiation chat page for the HSE that can be used use\r\nto recover encrypted files for free.\r\nHowever, the threat actors warn that they will still be selling or publishing the stolen private data if a ransom of $19,999,000\r\nis not paid.\r\n\"We are providing the decryption tool for your network for free. But you should understand that we will sell or publish a lot\r\nof private data if you will not connect us and try to resolve the situation,\" says the Conti ransomware gang on their Tor\r\npayment site.\r\nFree decryptor released for HSE\r\nAs the ransomware sample used in the attacks on HSE is publicly available, security researcher MalwareHunterTeam and\r\nBleepingComputer have confirmed that the decryptor can decrypt files that were encrypted during this attack.\r\nDecrypting files encrypted by HSE ransomware sample\r\nSince the initial attack, there has not been any further conversation between HSE, or someone else who had access to the\r\nchat, and the Conti ransomware gang.\r\nhttps://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/\r\nPage 3 of 4\n\nThe safest approach continues to be to reimage all of their servers and recover from backups, but the decryptor can be used\r\nas needed to recover data missing from backups.\r\nThe government of Ireland is aware of the free decryptor but will be performing a technical review of the tool for malicious\r\nproperties before using it.\r\n\"The HSE is aware that an encryption key have been provided,\" the Ireland Department of Health told BleepingComputer in\r\na statement. \"However further investigations have to be conducted to assess if it will work safely, prior to attempting to use\r\nit on HSE systems.\"\r\nAs threat actor's decryptors are known to be buggy and not optimized to decrypt files quickly, cybersecurity firm Emsisoft\r\nhas created a 'Universal Decryptor' two times faster when decrypting files.\r\nIreland's HSE can use Emisoft's decryptor free of charge as part of their ongoing free assistance program to healthcare\r\nproviders.\r\nWhile the HSE can now recover encrypted files for free from prior activities of the ransomware gang, the release of the\r\nalleged 700 GB of stolen data is likely imminent.\r\nUpdate 5/20/21 2:10 PM EST: Added statement and information about Emsisoft's Universal Decryptor.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/\r\nhttps://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data/"
	],
	"report_names": [
		"conti-ransomware-gives-hse-ireland-free-decryptor-still-selling-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434734,
	"ts_updated_at": 1775791313,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/58411f20bb91c42361a2e1b59d80f448ccac9c55.pdf",
		"text": "https://archive.orkl.eu/58411f20bb91c42361a2e1b59d80f448ccac9c55.txt",
		"img": "https://archive.orkl.eu/58411f20bb91c42361a2e1b59d80f448ccac9c55.jpg"
	}
}