| 16.6°C Dublin

cyber crime Gardaí set to launch probe over ransomware attack on HSE IT systems

The Garda National Cyber Crime Bureau are working with other agencies in the National Cyber Security Centre


Stock image

Stock image

Stock image

Gardaí are this afternoon liaising with the HSE in relation to the ransomware attack that has crippled the health service’s IT systems.

The Garda National Cyber Crime Bureau are working with other agencies in the National Cyber Security Centre (NCSC) in attempting to “manage” the situation.

A formal garda investigation has not yet been launched and the attack is still “being assessed.”

The NCSC is a government agency which is “responsible for advising and informing Government IT and Critical National Infrastructure providers of current threats and vulnerabilities associated with network information security.”

The NCSC is expected to liaise with international police agencies such as Europol on this case, along with Enisa, the EU Agency for Cybersecurity based in Athens.

There was a similar event in the US last week when the Colonial Pipeline systems were taken down in a Ransomware attack.

The company reportedly paid a $5m ransom but that didn’t stop hours-long lines continuing continuing to form at gas stations in the south-east US, as fuel supplies began to dry up and the price of petrol hit its highest point in years.

A group of cyber criminals called Darkside took responsibility for that ransomware attack, which works by hacking into a company or government network, and scrambling the data. The hacker then posts a note in the system demanding payment.

If the organisation pays up, the hacker hands back control.

There have been long-standing fears that companies and agencies in Ireland are vulnerable to a major cyber attack.

Last year there was a major increase in resources at the Garda National Cyber Crime Bureau (GNCCB) with the recruitment of 50 additional detectives and 20 civilian staff – doubling the unit’s capability.

Sunday World Newsletter

Sign up for the latest news and updates

This field is required This field is required

In addition, the GNCCB established six "cyber satellite hubs" in Wexford, Mullingar, Galway and Cork last year.

They are located within garda stations. Two more will come on stream in Cavan and Dublin this year.

A decryption suite purchased for about €500,000 was installed last year in the bureau's headquarters.

When contacted by Sundayworld.com Stephen Rae, chair of the Kobn European Leaders Cybersecurity & FinCrime group, said: “This is the most serious cyber event in Ireland since malign actors based in Russia attacked the Eirgrid systems in 2017.

“That was widely thought to be a warning that they could bring down the Irish electricity system and potentially bring down data centres here, which store 30pc of all EU data.

“The National Cyber Security Centre here which has charge of predicting and preventing cyber attacks on critical state infrastructure will be looking to see who is behind this event, whether they are State actors or organised criminals.

“The Garda’s new Cyber Bureau will also be involved as will Interpol and Europol, identifying the perpetrators from the patterns of previous attacks in other countries.

“What happened here is like where burglars get into your home and change all the locks, the codes to the alarm system and lock you out.”

“The most important thing will be to get the HSE systems up and running as soon as possible. The attackers will be looking for a ransom paid in untraceable crypto currency but that is unlikely to be paid given this is a State agency.

“Now the HSE’s own teams and outside expertise will be looking for work arounds to get back in as the hackers here are unlikely to give a release code in the absence of a ransom.”

Ireland is a target for cybercriminals due to the large amount data stored here, John Demers, the assistant attorney general at the US National Security Division warned at a conference last month.

He was speaking at the IFPC2021 Cybersecurity and FinCrime conference which was streamed from Dublin to delegates representing over 90 countries.

Referencing American outlaw Jesse James’ quip about robbing banks “because that’s where the money is”, Mr Demers said: “Why would you do a cyber-intrusion in Ireland? Because that’s where the data is.

“Ireland has developed a wonderful ecosystem for US and European companies to thrive in, benefiting the companies, countries and Irish citizens.

“Having created that environment, it’s important to note that Ireland is now also a target for cybercriminals,” he added.

As home to the European headquarters of some of the world’s biggest companies, Ireland is at a heightened risk of cyberattacks because it hosts not just the data of Irish citizens, but of citizens from all over Europe, Mr Demers said.

More than 30pc of all EU data rests in Ireland, according to the State’s Cybersecurity strategy document published last year.

Download the Sunday World app

Now download the free app for all the latest Sunday World News, Crime, Irish Showbiz and Sport. Available on Apple and Android devices