A story by Stephen Breen in The Irish Sun yesterday included reference to an update on the HSE attack by Conti:
Earlier this month, cops seized several websites belonging to the Russian gang behind the attack in a major “disruption operation”.
If anyone logs on to the sites they will see a screen warning the site has been seized by the Gardai.
DataBreaches.net had missed the news, probably because the story broke over our Labor Day weekend, and we have never seen any of the splash screens described above (SEE UPDATE BELOW). But digging into this, I found a number of news articles that we had, indeed, missed. IT Pro is one of the news outlets that had confirmation of the seizure:
“The Garda National Cyber Crime Bureau have seized several domains used in this and other ransomware attacks,” a Garda spokesperson told IT Pro, adding that the seizure “has directly prevented a large number of further ransomware attacks across the world”.
The Bureau has also notified potential victims of the ransomware gang and is working with Europol and Interpol to ensure that other states are aware of the systems targeted by Conti.
A Garda spokesperson described the operation as “crime prevention”, adding that to date there had been “a total of 753 attempts (…) made by ICT systems across the world to connect to the seized domains”.
UPDATE: Thanks to Brian Honan for providing me with a copy of the seizure splash screen, below, that shows Europol, Garda National Cyber Crime Bureau, and Interpol were all collaborating.