“Attack” on Garda systems is likely a Ransomware incident.

Now that the dust is settling after the IT Security incident, which caused the Garda Síochána (the Irish Police force) to shut down access to their systems late last week, it would appear that it wasn’t quite as nefarious an incident as was being portrayed in the media.

Headlines such as “Mob target Garda computers” were wildly speculative and likely wildly wrong. 

According to Brian Honan, a respected IT Security expert, quoted in an article in today’s Irish Times, “his ‘best guess’ was that the Garda systems had been hit by ransomware. From reading what’s available, this does not seem to me to be a targeted attack.”

With reporters throwing around phrases like “Advanced Persistent Threat” (APT) and “Targeted Attack” like snuff at a wake, it’s no wonder the headlines were sensational.

While full details are still not available, if this had been the result of a genuine Advanced Persistent Threat, then it’s quite likely that the evildoers were inside Garda systems for quite some time (that’s what the “persistent” bit of this term means). In this case I wouldn’t think they would have been able to restore access to their systems quite as quickly as they did. Hence a simple ransomware incident is quite likely.

Edit: Those fun guys over at Waterford Whispers News (a satirical website) had a different view: