Irish police seize Conti domains used in HSE ransomware attack
The Garda’s cyber crime unit confirmed that it had disrupted the hacking gang's IT infrastructure


Ireland’s Garda National Cyber Crime Bureau has announced that it has “seized several domains” used in the ransomware attack on the Irish Health Service Executive (HSE) earlier this year.
The attack, which took place in mid-May, forced the national health and social services provider to shut down its entire IT system, which led to appointments being delayed or cancelled. The Irish Department of Health was also targeted but managed to prevent Conti from encrypting its network.
On Sunday, almost four months after the attack, the Garda’s cyber crime unit confirmed that it had disrupted the IT infrastructure of the Conti hacking group, which had claimed responsibility for the attack. Thought to be deployed by a Russian group known as Wizard Spider, Conti functions as a type of ransomware as a service (RaaS) operation.
“The Garda National Cyber Crime Bureau have seized several domains used in this and other ransomware attacks,” a Garda spokesperson told IT Pro, adding that the seizure “has directly prevented a large number of further ransomware attacks across the world”.
The Bureau has also notified potential victims of the ransomware gang and is working with Europol and Interpol to ensure that other states are aware of the systems targeted by Conti.
A Garda spokesperson described the operation as “crime prevention”, adding that to date there had been “a total of 753 attempts (...) made by ICT systems across the world to connect to the seized domains”.
“In each instance, the seizure of these domains by the GNCCB investigation team is likely to have prevented a Conti Ransomware Attack on the connecting ICT system, by rendering the initially deployed malware on the victims system, as ineffective,” they said.
HSE wasn’t the only healthcare provider targeted by the Conti ransomware group. Days after the attack was reported, the US Federal Bureau of Investigation (FBI) found that the gang had also attempted to breach 16 US services, including law enforcement agencies, 911 dispatch services and municipalities, with the attempted attacks all taking place since May 2020.
The FBI Cyber Division stated that the targeted healthcare and first responder networks were “among the more than 400 organisations worldwide victimised by Conti”, out of which “over 290” are based in the US.
Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.
Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.