Gardaí trawl leaked files of HSE cyber gang

A Ukrainian security researcher has dumped over 60,000 internal messages of the cyber gang called Conti. Cyber experts have told the Irish Examiner that there is a goldmine of data in the files for law enforcement.

Garda cyber experts are trawling through thousands of digital records belonging to a notorious cyber gang behind the HSE cyberattack that were leaked online after it backed Russia’s invasion of Ukraine.

It is estimated that 60,000 messages belonging to the Conti gang were made public by a Ukrainian security researcher in response to the outfit siding with Russian president Vladimir Putin.

The Conti ransomware attack on the HSE crippled the health and wider social services computer systems for months after it was launched in May 2021.

Last October, the EU cyber agency (Enisa) cited the HSE attack as one of the major ransomware incidents in 2020 and 2021.

It said the Conti group, which is based in Russia, was considered to be the second most dominant player in what it said was a booming ransomware market.

It said, based on crowdsourced ransomware payment data, that Conti made the most financial gains in 2021 with payments in the order of $12.7m (€10.95m).

It said the group accounted for 10% of market share of ransomware incidents in the first three months of last year, putting it in second place.

The group has now been severely damaged after an internal row following a declaration by the gang that it was firmly siding with Russia in the war on Ukraine.

Experts believe that as a result a Ukrainian security researcher decided to dump more than 60,000 internal messages of the group.

These conversations, contained in 400 files, are said to contain information about the gang's activities, including previously unreported victims, bitcoin addresses, and discussions about their operations.

There are said to be English translations of the files.

The Irish Examiner understands that a team of detectives in the Garda National Cyber Crime Bureau is trawling through the files and is hopeful of gaining further knowledge and evidence.

There is a huge volume of material to go through and officers are said to be only interested in anything that can tie Conti directly to the HSE attack.

The process is thought to take several weeks as detectives also have to verify the information they uncover.

External cyber experts have told the Irish Examiner that there is a goldmine of data in the files for law enforcement.

While the bureau is ultimately aiming for prosecutions of those involved, some sources suspect that might not be achievable, particularly given the current relations of Ireland and the EU with Russia.

The former head of the UK’s National Cyber Security Centre, Ciaran Martin, said Conti’s initial statement provided “an unusually obvious glimpse into the strange but largely symbiotic relationship between the Russian state and organised cyber-criminality”.


© Examiner Echo Group Limited