Members of public send messages to cyber gang that attacked HSE

Gardaí are investigating who is seeking to ‘gatecrash’ communication channel to gang

An online message thread established by the cyber gang that attacked the Health Service Executive has been accessed by a number of unknown people, with gardaí trying to establish who they are and what their motivations are.

At least one person who accessed the thread sent sexually explicit and racist comments to the attackers in recent days.

When the HSE systems were attacked earlier this month, a ransom note was attached to every piece of encrypted data or file. It confirmed the HSE was under attack and that a ransom was being sought. The note also contained instructions about how to log into a chat facility on the darknet where the HSE or its representatives could send messages to the attackers.

Those instructions appear to have been used by a number of people not linked to the official investigation into the cyber attack to access the chat facility, with a number of messages now sent to the gang.


Garda sources said some members of the public have been able to access to the messaging facility, via the darknet. Gardaí are investigating who they are and why they were seeking to, as one source put it, “gatecrash” what was effectively intended as a line of communication between the State and the attackers.

Several messages were sent by persons unknown to the gang making initial inquiries of them. These messages appeared to be intended to test if the gang could be reached and to establish if the HSE’s data had been accessed.

In the week that followed the attack, the only time the messaging facility was used to send messages was by the cybercriminals seeking to contact the HSE. Some of those messages demanded a $20 million ransom while others threatened the publication of the data stolen unless the ransom was paid.

The decryption tool to unlock the HSE’s files, computers and IT infrastructure that was offered by the gang late last week to the HSE was also sent via that messaging facility.


Meanwhile, Garda sources said it would be very difficult to trace the gang responsible for targeting the HSE IT system. However, some gardaí are hopeful the attack may prove a major mistake for them. They said cyber gangs operating in Russia, for example, appeared to have the protection of the authorities there as long as they only targeted victims and institutions in the West.

“But attacking a national health service may be seen as them overstepping the mark and [the Irish authorities] just might get a bit more co-operation than you might think,” said one source.

Other gardaí stressed while the Conti malware, or ransomware, used by those who attacked the HSE was controlled by Russian-speaking criminals and Russian-based gangs, they effectively used freelances to carry out some of their attacks. Because of that, the people who attacked the HSE could be anywhere in the world.

Conor Lally

Conor Lally

Conor Lally is Security and Crime Editor of The Irish Times