Ireland’s Gardai Clamps Down on HSE Cyber-Attackers

Ireland’s national police service, Gardai, has carried out a significant operation targeting the gang behind the ransomware attack on Ireland’s Health Service Executive (HSE) in May, which it believes has prevented other such attacks taking place globally. 

On Sunday, a spokesperson said: “A significant disruption operation which targeted the IT infrastructure of a cyber crime group has been conducted by the Garda National Cyber Crime Bureau (GNCCB).

“The Garda National Cyber Crime Bureau have seized several domains used in this and other ransomware attacks.” 

May’s ransomware attack on HSE, carried out with Conti ransomware, led to significant disruption to the Irish health service provider and many patients, costing the organization millions of euros. 

Gardai has used a so-called “splash screen” on the web domains to warn potential victims that ransomware has likely targeted their system.

The seizure of the websites reportedly “directly prevented” other ransomware attacks across the world.

“A process has also commenced between the Garda Siochana and their law enforcement partners at Europol and Interpol to provide the details of the visiting URLs to the member countries to ensure that the infected systems are appropriately decontaminated,” the spokesman said.

“To date a total of 753 attempts were made by ICT systems across the world to connect to the seized domains.

“In each instance, the seizure of these domains by the GNCCB investigation team is likely to have prevented a Conti ransomware attack on the connecting ICT system by rendering the initially deployed malware on the victim’s system as ineffective.”