HSE cyberattack: Gardaí believed to have seized hacker's servers

Det. Chief Supt Paul Cleary said that in the last two weeks, the Bureau launched a disruption take-down operation which involved the seizure of the technical infrastructure used by the hackers.
Digital Desk Staff

Gardaí believe they have foiled a number of potential cyberattacks after they launched a server take-down operation targeting the gang which hacked the HSE.

The head of the Garda National Cyber Crime Bureau said garda technical experts were involved in a major operation recently which involved the ‘seizure’ by gardaí of the servers used by the cyber gang which was behind the hugely damaging and disruptive cyberattack on the HSE last May.

As the Irish Examiner reports, it is believed the Russian-based Conti ransomware group was behind the hack.

It is also believed to have made a $20m ransom demand to release ‘stolen’ or encrypted files, which may have allowed the HSE to restore its systems sooner.

But the government refused to meet the demand and said it does not pay ransoms.

The HSE cyberattack, the knock-on effects of which are still being felt in certain areas of the healthcare system, crippled various healthcare IT systems and caused widespread disruption in hospitals across the country.

Operations and appointments were postponed or cancelled and various treatments and patient pathways through various systems were badly disrupted.

Det. Chief Supt Paul Cleary said that in the last two weeks, the Bureau launched a disruption take-down operation which involved the seizure of the technical infrastructure used by the hackers.

Crime prevention

“We effectively took their servers, the mains and websites, and we put up our own ‘alerts splash screen’ with the Garda insignia basically warning any potential new victims that they should check their networks that they may be compromised,” he told RTÉ radio’s News at One, as he highlighted the launch of a new cyber crime awareness campaign.

“We know that 753 potential unsuspecting new victims would have seen our alert screen and subsequently prevented a further ransomware attack, so it was successful, and we have more of those type of crime prevention and disruption operations planned into the future.”

Det. Supt Cleary said there had been a huge increase in “scam texts, calls, hacking ransomware - none more serious than the HSE attack back in May”.

“This has all created huge awareness around cyber crime,” he said. Gardaí are still involved in a “live and ongoing investigation into the hack on the HSE”.

“It's being investigated here from the National Cyber Crime Bureau - we have taken evidence from seven different countries around the world, and we're engaging fairly closely with our international law enforcement partners,” he said.

“We have gathered significant intelligence in respect of the infrastructure surrounding the gang we believe to be behind the attack including the financing of the group.”
