HSE Ransomware Actors’ Infrastructure Disrupted by Irish Authorities

  • The Irish cybercrime police have identified and seized several domains used by Conti to support their ransomware attacks.
  • This should create a momentary disruption in the operations of the notorious ransomware gang.
  • The actors haven’t been identified yet, but the Irish police say they are making good progress on that front.

It’s been several months since the Irish Health Service (HSE) was crippled by an attack launched by the ‘Conti’ ransomware group, but the aftermath is still underway. As RTE reports now, Ireland’s Garda National Cyber Crime Bureau has seized several domains used in the HSE incident as well as other similar ransomware attacks, significantly disrupting the actor’s operations.

Now, if any victims visit any of these domains, they will see a notice from Ireland’s National Police and Security Service informing them that they may have been compromised by ransomware actors and giving them some pointers on what measures to follow.

Source: Irish Police

This is not only a retaliation move against Conti but also one of actively preventing similar attacks on other valuable organizations in the country. When the HSE was hit in May 2021, national hospitals had to adopt medical practices that go many decades back, like passing handwritten notices around instead of relying upon central patient information database systems.

The health services were severely disrupted as a result, thousands of appointments were canceled, and providing medical care to patients had to be postponed. Eventually, the actors handed over the decryption key to the HSE for free as they realized they wouldn’t get the tens of millions they demanded as ransom and probably had some ethical reservations along the way.

The ‘Garda’ also mentions the valuable help of its partners at Europol and Interpol, who have helped them with the process of identifying and taking down the domains in question. As the agency points out, to date, a total of 753 attempts were made by potentially compromised systems to connect to these domains. This gives us a rough idea of the size of the Conti operations, a ransomware group that remains very active despite the various re-arrangements that took place in the field.

It will be interesting to see how Conti responds to that now, but in general, it is unlikely that they’ll have any trouble moving to new infrastructure. We have checked the group’s Tor portal where victims are extorted, and it’s currently online without any notice about the ‘Garda’ seizures. Also, there are six posts in September alone, so the group remains alive and well, and the most recent reports give details about the hackers targeting Exchange services with ProxyShell exploits.

Image: TechNadu

The Irish police have stated that they will continue the investigation into uncovering those responsible for the HSE attacks and claim they are making steady progress on that front but can’t share many details about it.

REVIEW OVERVIEW

Latest

Banking Trojan Targets 100 Organizations in Brazil

A banking trojan from Latin America was found targeting almost 100 Brazilian organizations and individuals.The malware was first noticed in late August...

The Number of Phishing Emails Impersonating Craigslist Is Growing

Craigslist Gsuite & Microsoft users are being targeted with phishing emails that present a fake user login page.These emails rely on brand...

Best Buy, Home Depot, and Lowes Drop Surveillance Companies Linked With Uyghur Oppression

Best Buy, Home Depot, and Lowes have decided to pull off the shelves all the security cameras from Lorex and Ezviz.The US...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari