Gardai have carried out a major operation targeting the gang behind the ransomware attack on the Health Service Executive (HSE).
A spokesman said on Sunday: “A significant disruption operation which targeted the IT infrastructure of a cyber crime group has been conducted by the Garda National Cyber Crime Bureau (GNCCB).
“The Garda National Cyber Crime Bureau have seized several domains used in this and other ransomware attacks.”
The ransomware attack on the HSE, which occurred in May, caused major disruption to the health service.
HSE chief Paul Reid said in June that it had had a “devastating impact” and cost the health service millions of euros.
On Sunday, the Garda spokesman said the seizure of the websites had “directly prevented” other ransomware attacks across the world.
A so-called “splash screen” has been used on the web domains by gardai to warn any potential victims that it is likely that their system has been attacked by ransomware.
Gardaí are also working with other police agencies as part of the wider operation.
“A process has also commenced between the Garda Siochana and their law enforcement partners at Europol and Interpol to provide the details of the visiting URLs to the member countries to ensure that the infected systems are appropriately decontaminated,” the spokesman said.
He added that the operation will have a major impact on the cyber crime gang.
“To date a total of 753 attempts were made by ICT systems across the world to connect to the seized domains.
“In each instance, the seizure of these domains by the GNCCB investigation team is likely to have prevented a Conti ransomware attack on the connecting ICT system, by rendering the initially deployed malware on the victim’s system as ineffective.”
