Latest news with #GardaNationalCyberCrimeBureau
Sunday World
08-08-2025
- Sunday World
Gardai help take down ‘serious' cybercriminal organisation behind $370m ransom payments
'nowhere to hide' | In the US, authorities there said the operation resulted in the seizures of servers, domains and digital assets used to deploy ransomware, extort victims, and launder proceeds A copy of the 'splashscreen' image which has replaced the seized domains The Garda National Cyber Crime Bureau joined United States Immigration and Customs Enforcement (ICE) in a 'disruption operation' targeting the Blacksuit Ransomware Group. Key operational infrastructure, including the dark web leaks page and the victim negotiation site, as well as domains attributed to the international criminal network have been successfully removed. Other law enforcement agencies including the United States Department of Homeland Security (DHS), US Secret Service, the FBI, as well as Dutch, German, UK and Ukrainian police, and Europol took part in the operation. According to a Garda press release, the Blacksuit ransomware group are an organised crime gang responsible for the commission of ransomware and other 'serious cyber criminality internationally'. A copy of the 'splashscreen' image which has replaced the seized domains News in 90 Seconds - Aug 8th 'The Blacksuit ransomware group emerged in May 2023, as a result of the rebranding of the Royal Ransomware Group,' gardai said, 'itself originating from the Conti Ransomware Group, responsible for a number of serious ransomware attacks internationally.' The Garda Assistant Commissioner for Organised and Serious Crime said they will continue to work with international law enforcement colleagues and private partners 'to identify, target and disrupt organised crime groups using the infrastructure to carry out ransomware and other forms of cybercrime'. 'Our work to date involving close collaboration with international partners, including this seizure and takedown of key online operational infrastructure will continue as part of our ongoing effort to keep people safe both on an offline.' According to gardaí, dark web leaks page is a website maintained by a ransomware group on the darknet. It is where they publish the names of victims that refuse to pay a ransom or to engage with them. A victim negotiation site is another site maintained by the threat actors. This is not generally accessible by the wider public, but is where the victims of a ransomware go to engage and communicate with the offenders. In the US, authorities there said the operation resulted in the seizures of servers, domains and digital assets used to deploy ransomware, extort victims, and launder proceeds. 'Disrupting ransomware infrastructure is not only about taking down servers, it's about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,' said HSI Cyber Crimes Center Deputy Assistant Director Michael Prado. Read more 'This operation is the result of tireless international coordination and shows our collective resolve to hold ransomware actors accountable.' Since 2022, the Royal and BlackSuit ransomware groups have compromised over 450 known victims in the United States, including entities in the healthcare, education, public safety, energy and government sectors. Combined, the groups have received more than $370 million in ransom payments, based on present-day valuations of cryptocurrency. The ransomware schemes used double-extortion tactics — encrypting victims' systems while threatening to leak stolen data to further coerce payment. 'This investigation reflects the full reach of HSI's cyber mission and our commitment to protecting victims — whether they're small businesses, school systems, or hospitals,' said HSI Washington, D.C. acting Special Agent in Charge Christopher Heck. 'We will continue to target the infrastructure, finances and operators behind these ransomware groups to ensure they have nowhere left to hide.'
Irish Independent
08-08-2025
- Irish Independent
Gardaí help US take down ‘serious' cybercriminal gang behind $370m ransom payments
The Garda National Cyber Crime Bureau joined United States Immigration and Customs Enforcement (ICE) in a 'disruption operation' targeting the Blacksuit Ransomware Group. Key operational infrastructure, including the dark web leaks page and the victim negotiation site, as well as domains attributed to the international criminal network have been successfully removed. Other law enforcement agencies including the United States Department of Homeland Security (DHS), US Secret Service, the FBI, as well as Dutch, German, UK and Ukrainian police, and Europol took part in the operation. According to a Garda press release, the Blacksuit ransomware group are an organised crime gang responsible for the commission of ransomware and other 'serious cyber criminality internationally'. 'The Blacksuit ransomware group emerged in May 2023, as a result of the rebranding of the Royal Ransomware Group,' gardai said, 'itself originating from the Conti Ransomware Group, responsible for a number of serious ransomware attacks internationally.' The Garda Assistant Commissioner for Organised and Serious Crime said they will continue to work with international law enforcement colleagues and private partners 'to identify, target and disrupt organised crime groups using the infrastructure to carry out ransomware and other forms of cybercrime'. 'Our work to date involving close collaboration with international partners, including this seizure and takedown of key online operational infrastructure will continue as part of our ongoing effort to keep people safe both on an offline.' According to gardaí, dark web leaks page is a website maintained by a ransomware group on the darknet. It is where they publish the names of victims that refuse to pay a ransom or to engage with them. A victim negotiation site is another site maintained by the threat actors. This is not generally accessible by the wider public, but is where the victims of a ransomware go to engage and communicate with the offenders. In the US, authorities there said the operation resulted in the seizures of servers, domains and digital assets used to deploy ransomware, extort victims, and launder proceeds. ADVERTISEMENT 'Disrupting ransomware infrastructure is not only about taking down servers, it's about dismantling the entire ecosystem that enables cybercriminals to operate with impunity,' said HSI Cyber Crimes Center Deputy Assistant Director Michael Prado. 'This operation is the result of tireless international coordination and shows our collective resolve to hold ransomware actors accountable.' Since 2022, the Royal and BlackSuit ransomware groups have compromised over 450 known victims in the United States, including entities in the healthcare, education, public safety, energy and government sectors. Combined, the groups have received more than $370 million in ransom payments, based on present-day valuations of cryptocurrency. The ransomware schemes used double-extortion tactics — encrypting victims' systems while threatening to leak stolen data to further coerce payment. 'This investigation reflects the full reach of HSI's cyber mission and our commitment to protecting victims — whether they're small businesses, school systems, or hospitals,' said HSI Washington, D.C. acting Special Agent in Charge Christopher Heck. 'We will continue to target the infrastructure, finances and operators behind these ransomware groups to ensure they have nowhere left to hide.'
BreakingNews.ie
08-08-2025
- BreakingNews.ie
Gardaí part of joint operation including FBI that targeted cybercriminals, dark web leaks
The Garda National Cyber Crime Bureau was part of a joint international operation, also including the FBI and Europol, which successfully targeted assets used by cybercriminals. As part of an ongoing joint operation conducted by international law enforcement, including the Garda National Cyber Crime Bureau, the United States Immigration and Customs Enforcement (ICE), Homeland Security Investigations led a major disruption operation resulting in the seizure and takedown of "key operational infrastructure". Advertisement This included the dark web leaks page and the victim negotiation site, as well as domains attributed to the Blacksuit Ransomware Group. Other law enforcement agencies involved in this operation included the United States Department of Homeland Security (DHS), US Secret Service, US FBI, the Dutch National Police, the German State Criminal Police Office, the UK National Crime Agency, the Frankfurt General Prosecutor's Office, the Ukrainian Cyber Police, and Europol, assisted by private partners. A dark web leaks page is a website maintained by a ransomware group on the darknet. It is where they publish the names of victims that refuse to pay a ransom or to engage with them. A victim negotiation site is another site maintained by the threat actors. This is not generally accessible by the wider public, but is where the victims of a ransomware go to engage and communicate with the offenders. Advertisement The Blacksuit ransomware group are an organised crime group responsible for the commission of ransomware and other serious cyber criminality internationally. The Blacksuit ransomware group emerged in May 2023, as a result of the rebranding of the Royal Ransomware Group; itself originating from the Conti Ransomware Group, responsible for a number of serious ransomware attacks internationally. Commenting today on the operation, Assistant Commissioner for Organised and Serious Crime Angela Willis said: "An Garda Síochána will continue to work with our international law enforcement colleagues and private partners to identify, target and disrupt organised crime groups using the infrastructure to carry out ransomware and other forms of cybercrime. "Our work to date involving close collaboration with international partners, including this seizure and takedown of key online operational infrastructure will continue as part of our ongoing effort to keep people safe both on an offline."
The Journal
14-05-2025
- The Journal
Judge gives gardaí 10 weeks to prepare evidence in €14m 'darknet' crypto case
A JUDGE HAS granted gardaí 10 weeks to complete the book of evidence for the trial of a Dublin man accused of aiding a 'darknet' criminal organisation to launder €14m in cryptocurrency. Kevin Daniel Andrei, 24, of Drynam Avenue, Swords, was charged in August with three counts of possessing close to €600,000 in crime earnings under section seven of the Criminal Justice (Money Laundering & Terrorist Financing). It follows a Garda National Cyber Crime Bureau (GNCCB) probe. Last week, Andrei was further charged with two extra offences: money laundering involving €13,745,756 proceeds of criminal conduct and facilitating 'darknet market' organised crime. Detective Ciaran Byrne said the Director of Public Prosecutions had also directed trial on indictment. He has been granted bail and appeared again at Dublin District Court today when defence solicitor Kate McGhee consented to a prosecution request for an adjournment. Advertisement Judge Kelly ordered the accused to appear again on 25 July to be served with the book of evidence and sent forward for trial to a higher court. He has yet to indicate a plea. In the original three charges, he was accused of 'concealing and disguising the true nature and source of 65 Wirex transactions' totalling €22,049 between 3 March 2021 and 5 September 2022, at various locations. According to another charge, between 26 February 2021 and 26 February 2024, he engaged in 'concealing and disguising the true nature and source of 1,822 Revolut transactions that were the proceeds of criminal conduct,' valued at €227,429. The third claims he disguised the true nature and source of 422 separate Binance transactions worth €341,959 between 21 March 2021 and 20 December 2023 at various places in Ireland. He has surrendered his passport and has to sign on three days a week at his local garda station. He must not apply for a replacement passport or new travel documents, and has to reside at his current address, and always be contactable. Andrei has also been warned 'not to carry out any cryptocurrency transactions' or comment about the case on public forums, including social media.
The Irish Sun
07-05-2025
- The Irish Sun
Dubliner, 24, set for trial accused of helping ‘darknet market' gang launder €14m in cryptocurrency criminal proceeds
A DUBLIN man is to stand trial accused of aiding a 'darknet' criminal organisation in laundering €14m in cryptocurrency crime proceeds. Kevin Daniel Andrei, 24, of Drynam Avenue, Advertisement It follows a Garda National Cyber Crime Bureau (GNCCB) probe. In January, a judge set today as the deadline for the investigation team to obtain directions from the Director of Public Prosecutions. Mr Andrei, who had been on bail, appeared before Judge Miriam Walsh at Cloverhill District Court. He was charged with two extra offences: Advertisement Read more in News Detective Ciaran Byrne said the DPP had also directed trial on indictment. Mr Andrei was briefly remanded in custody because the District Court can't grant bail for the organised crime-related charge. Defence solicitor Kate McGhee moved an immediate application in the Cloverhill High Court bail list. There was no Advertisement Most read in Irish News Prosecutors must complete a book of evidence and serve it on him before he can be returned to the Circuit Court for trial. He has yet to indicate a plea. In the original three charges, he was accused of 'concealing and disguising the true nature and source of 65 Wirex transactions' totalling €22,049 between March 3, 2021, and September 5, 2022, at various locations. According to another charge, between February 26, 2021, and February 26, 2024, he engaged in 'concealing and disguising the true nature and source of 1,822 Advertisement The third claims he disguised the true nature and source of 422 separate Binance transactions worth €341,959 between March 21, 2021, and December 20, 2023, at various places in Ireland. He has surrendered his passport, has to sign on three days a week at his local garda station, not to apply for a replacement passport or new travel documents, reside at his current address, and always be contactable. Mr Andrei has also been warned 'not to carry out any cryptocurrency transactions' or comment about the case on public forums, including 1 Kevin Daniel Andrei was charged in August with three counts of possessing close to €600,000 in crime earnings Credit: Advertisement
