Servers of HSE cyberattack gang seized by gardaí in recent weeks

Head of cyber bureau says gardaí put up warning to potential victims on website

The head of the Garda National Cyber Crime Bureau has told of how gardai recently seized the servers of the gang which carried out the cyberattack on the HSE last May.

Det Chief Supt Paul Cleary said that in the last two weeks the bureau had launched a disruption take down operation where they seized the technical infrastructure of the gang.

“We effectively took their servers, the mains and websites and we put up our own alerts splashed screen with the garda insignia basically warning any potential new victims that they should check their networks that they may be compromised.

“We know that 753 potential unsuspecting new victims would have seen our alert screen and subsequently prevented a further ransomware attack so it was successful and we have more of those type of crime prevention and disruption operations planned into the future.”


He was speaking about a new cybercrime awareness campaign on RTÉ radio’s News at One,

The cybercrime awareness campaign follows a 40 percent increase in fraud offences in the first six months of this year. Det Supt Cleary said there had been a huge increase in “scam texts, calls, hacking ransomware — none more serious than the HSE attack back in May — this has all created huge awareness around cyber-crime.”

The attack on the HSE was still very much a live and ongoing investigation, he added. “It’s being investigated here from the National Cyber Crime Bureau — we have taken evidence from seven different countries around the world and we’re engaging fairly closely with our international law enforcement partners.

“We have gathered significant intelligence in respect of the infrastructure surrounding the gang we believe to be behind the attack including the financing of the group, the tool sets they use in the commission of these offences, information in respect of how they target their victims as well as their interactions between other cyber gangs — so all that information has been shared with our law enforcement partners around the world,” he said.

The ransomware attack on the HSE in May crippled the health service and shut down most of its IT systems and led to the cancellation of thousands of appointments and tests. It was beleived to have been carried out by Russian- linked group Wizardspider.