Cyber infrastructure seized from Irish health service attackers

“This is a crime prevention operation and to date a total of 753 attempts were made by ICT systems across the world to connect to the seized domains,” the Irish Times newspaper quoted the country’s police (Garda) as saying.

Referring to the Garda National Cyber Crime Bureau, it added: “In each instance, the seizure of these domains by the GNCCB investigation team is likely to have prevented a ransomware attack on the connecting ICT system by rendering the initially deployed malware on the victim’s system as ineffective.”

The gangs’ worldwide infrastructure now under the control of the Garda and partner law enforcement agencies was used to send phishing emails. When unsuspecting victims click on links in the emails that allows the attackers’ malware on to a computer and then a wider IT system, as was the case with the HSE ransomware attack.

The incident forced the shutdown of the health service’s computer system. Staff in many departments had to resort to paper records, slowing down processing patients.

The Garda-led operation involved Interpol and Europol and information on the IT infrastructure seized from the gang is now being shared internationally. That will enable decontamination of computers or wider systems which had already been comprised, the newspaper reported.

The police force is also using a splash screen, bearing the Garda logo, which is visible when the seized domain names or websites are accessed. An accompanying message makes it clear to the criminals they have lost the infrastructure and also informs victims the infrastructure used to attack them is now under the control of law enforcement.

The GNCCB believes the gang which attacked the HSE to be Russian-speaking, or hackers using its infrastructure.