HSE cyberattack: Decryption key functional but unlikely to offer ‘quick fix’

The Irish Times

A decryption key supplied by the cybercriminals who attacked the HSE is unlikely to significantly speed up the restoration of its systems.
The key has now been verified as genuine and functional by cybersecurity experts working for the HSE and the National Cybersecurity Centre (NCSC); however, it is described as “buggy” and “flawed”.
It was tested in a closed system, unconnected to the network, to prevent it causing further damage.
It has been confirmed that the key can be used to decrypt HSE systems, but this will take some time and every system will have to be checked thoroughly before it can be reactivated, a process which may take weeks.
In fact, officials may decide to not use the key at all if it is determined that it will be quicker to manually restore the data from HSE backups, as has been happening to date.
Alternatively, they may use the key only on critical systems which need to be restored as a matter of urgency, sources said.
The use of the key will be made even slower by the HSE’s out-of-date computer systems, sources said. Much of its network still uses Windows 7, which is no longer supported by Microsoft, and some computers use even older operating systems.
The decryption key is “not a quick win” but may help to get some key systems back up and running more quickly than previously thought, said cybersecurity expert Brian Honan. “But overall, still a long process ahead.”
Experts pointed to the recent ransomware attack on the Colonial Pipeline in the US, which cut off fuel supplies and led to panic buying and long queues at petrol stations.
The company paid $4.4 million (€3.6m) to the hackers for a decryption key. However, the key worked so slowly that the company ended up manually restoring its systems itself, using the key only on the most critical systems.
“Even if [the key] does work, you still have to restore and check each system carefully . . . before bringing it back online. So it is not a magic ‘switch everything back to the way it was’ button,” said Mr Honan.
The Government has repeatedly insisted it did not pay a ransom for the decryption key, either itself or through a third party.
The cybercriminal gang, known as Wizard Spider, has said it will still release 700 gigabytes of HSE data on the web unless it receives a €16 million ransom by Monday.
Former detective with the Garda National Cybercrime Bureau Maciej Makowski said it is likely the criminals decided to hand over the decryption key because they knew it would probably be very slow to work on the HSE’s “legacy systems”.
He said the criminals had now shifted their focus solely to the data blackmail threat.
A security source said it is thought the gang released the key “as some sort of expression of goodwill” which the criminals hope will increase pressure on the Government to pay the ransom and prevent sensitive data being published.
There is currently “no appetite” among officials to pay any ransom, they said.
They said it is also possible the gang came under external pressure, including possibly from the Russian government, to release the key. The gang is believed to have some links with the Russian government and is permitted to operate from the country as long as it does not damage Russian interests.
