Gardaí investigating the HSE cyberattack have seized several websites owned by the gang responsible, in a major escalation against the Russia-based criminals.
Garda National Cyber Crime Bureau (GNCCB) investigators carried out a “disruption operation” targeting the gang.
The operation, which began three weeks ago and ended recently, allowed An Garda Síochána to “take over” the gang’s websites, which were used to launch the “crippling” cyberattack on the HSE in mid-May.
This is an important step towards bringing cybercriminals to justice, something Gardaí continue to pursue with the help of international law enforcement, Chief Superintendent Paul Cleary told the Sunday Independent.
“We identified and seized the technical infrastructure used by the gang. We have identified several hardcoded domains with Conti-malware,” he said.
“We are engaging with Interpol, Europol and the police forces of seven jurisdictions for the recovery of evidence within the framework of this investigation.
“It’s a technically complex investigation. But we have the expertise on the unit to deal with it. Despite the challenges, we are confident that justice will be served.
“Criminals will always make mistakes. Potential attribution does not always come in the form of handcuffs to criminals. There are a number of alternatives such as foreclosure of assets and termination of operations.”
Since the Garda operation took control of the cybergang’s websites, some 750 companies or individuals have been electronically directed to these sites, which could have resulted in the compromise of “unsuspecting potential victims” in the same manner as the HSE was attacked.
Potential cyber victims were greeted with a “Garda splash screen” indicating that An Garda Síochána had confiscated the site as part of a cybercrime attack. It also warned users that their systems may have been compromised.
“We have seen the crippling effect that ransomware attacks can have. The cyberattack on HSE was the most serious cyberattack ever seen in this country,” said Chief Superintendent Cleary.
The gang behind the HSE attack could now create new domains, but doing so is not necessarily straightforward.
“They would also need to launch a new phishing attack. What we have accomplished is a major disruption to their operations,” he said.
Last month, HSE chief Paul Reid said more than 95% of all servers and devices had been restored following the May 14 cyberattack.
The HSE was forced to shut down all computer systems in response.
Health service systems affected included radiology and diagnostic systems, maternal and child care, patient delivery systems, chemotherapy, radiation oncology and radiation therapy.
In accordance with state policy, the HSE did not pay the ransom, which would have been 16 million euros.
Det. Chief Superintendent Cleary welcomed the upcoming expansion of the GNCCB, which is expected to be bolstered by 20 “essential” civilian technical staff and 34 additional Garda detectives.
Cybercrime is on the rise around the world, he added.
“This year it will cost the global economy $6 trillion. Cybercrime does not respect borders. It needs a concerted global effort. Covid has shown that these criminals can tailor their attacks and scams.”
“We have learned a lot from the HSE cyberattack. Ransomware attacks have reached a tipping point around the world.”
Companies are more inclined to pay ransoms than targeted government agencies around the world.
Chief Superintendent Cleary urged companies to make sure they are cybersecurity-aware and keep computer systems and passwords up to date.
“Don’t do anything online that you wouldn’t do offline,” he said.