Gardaí are concerned a protracted wave of scam attacks could follow if data stolen in an attack on the HSE is published or sold on to other criminals.
Sources told The Irish Times that fraud and extortion attempts could follow over a period of years.
Garda Headquarters on Friday night said the Garda National Cyber Crime Bureau was “continuing its criminal investigation into the cyber attack on the HSE”. It issued a warning to people to never supply personal or banking details, even if those callers appeared to have their personal information.
Senior gardaí told The Irish Times it looked inevitable the stolen HSE data would be published on the darknet or sold, or a mixture of both. They added some of it may have already been sold and that other material may be published on Monday.
Gardaí were fearful personal details such as names, addresses and phone numbers could be harvested by criminals for years and used in scams.
Minister of State for Communications Ossian Smyth said the threat to publish data on Monday was being taken as genuine. “That deadline about Monday did appear on the same [dark web site] as where the decryptor appeared, so it can be assumed it is a genuine threat.”
The State’s Cyber Security Incident Response Team, part of the National Cyber Security Centre, IT teams from the HSE and FireEye, the State’s security contractor, are to work through the weekend.
There is optimism that progress can be made on debugging a decryption key sent by the cybercriminals, which can be used to make a digital tool to help decrypt systems.
Taoiseach Micheál Martin reiterated on Friday that no money had changed hands with the Russian-speaking criminals behind the attack, nor would it. Asked why the decryption key had been offered to the State, he said it had not come via diplomatic channels.