Who is wizard spider? The group responsible for the cyber attack on the HSE 1 month ago

Who is wizard spider? The group responsible for the cyber attack on the HSE

The group are the target of the FBI, the UK’s National Crime Agency, Interpol, and Europol.

Early last Friday, the HSE announced it had temporarily shut down its IT system after it was targeted in a "significant ransomware attack".


Described as possibly the most significant cybercrime attack on the Irish state by Minister of State for eGovernment Ossian Smyth, it has caused major disruptions to health services across the country.

A further cyber attack was carried out on the Department of Health after the ransomware attack on the Health Service Executive (HSE) earlier this week.

Russian hackers known as Wizard Spider have since claimed responsibility for the most serious ever cyberattack on Ireland's critical infrastructure, and are reportedly seeking a ransom of up to €20 million in cryptocurrency. The cyber group is supposedly not motivated by terrorism or espionage.

A screenshot of the ransom note received by the HSE, published by Bleeping Computer, suggested that the Conti crime gang accessed the HSE networks back in April.

The note said that the gang had encrypted files and servers and downloaded over 700GB of personally identifiable information.

The information is said to include the addresses and phone numbers of patients, doctors, and nurses, payroll information, and employment contracts as well as medical records.

The Conti "double-extortion" ransomware first emerged last year and shares similarities with other ransomware such as Ryuk, which has previously been used against other healthcare organisations in the past.


It has been reported that cyber criminal group Wizard Spider had recently switched from Ryuk to the Conti ransomware system, having previously carried out ransomware attacks against state bodies, corporations, and healthcare facilities since 2018.

According to Malpedia, the Wizard Spider threat group is the Russia-based operator of the TrickBot banking malware, which has primarily focused on wire fraud in the past.

This gang appears to be a subset of a growing criminal enterprise consisting of three cyber crime groups Grim Spider, Lunar Spider, and Wizard Spider.

The HSE and Department of Health confirmed that The National Cyber Security Centre, along with the Gardaí and the Defence Forces, is currently investigating the very serious cyber attacks.

The group are also the target of the FBI, the UK’s National Crime Agency, Interpol, and Europol.


The Government has also warned that there is a possible risk of patient medical records being “abused” by the criminal hackers who launched the cyber attack.

In a statement on Monday, the Government described the cyber attack as a “despicable” crime that targeted “critical health infrastructure and sensitive patient data”.

“Any public release by the criminals behind this attack of any stolen patient data is equally and utterly contemptible,” it said.

The Government also urged anyone affected by the hack to contact the HSE and Gardaí.