Police Held to Ransom: Federation Defends 11 Day Delay in Notifying Members

"Humans are the single biggest asset cyber criminals have"

By CBR Staff Writer

The Police Federation has defended its decision to wait 11 days before telling its 122,000 uniformed members that it had fallen victim to a ransomware attack on March 9.

The attack on the organisation, a de facto union for police officers, affected “a number of databases and systems”, it said in a Q&A on Thursday.

“Back up data has been deleted and data has been encrypted and became inaccessible. Email services were disabled and files were inaccessible.”

The decision to delay a public statement resulted from the need to protect the integrity of an investigation that involves the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC), it added.

The Federation has brought in BAE Systems to help with the investigation and says it can’t yet fully tell whether data has gone missing. The attack appears to have been opportunistic rather than targeted, and part of a “wider campaign”, it said.

“There is no evidence at this stage that any data was extracted from our systems but this cannot be discounted. At this stage the risk of data being extracted or misused is low, we wanted to alert those we hold data on as to the risk at the earliest opportunity.”

Police Ransomware Attack: “Slight Resurgence”

Max Heinemeyer, Director of Threat Hunting, Darktrace, told Computer Business Review: “In the wake of this week’s Norsk Hydro attack, we are seeing a slight resurgence of ransomware. The danger is that these attacks don’t have to be technically sophisticated to be devastating. They often abuse systematic weaknesses such as software vulnerabilities, outdated patches and weak administrative credentials.”

He added: “We have even seen some late strains of ransomware with a surprisingly low detection rate by commercial antivirus software.”

Israel Barak, CISO at Cybereason, added: “Today, ransomware infections are having a fraction of the impact they were two-to-three years ago.”

“Most companies have contingencies and tools now that help with the threat. Because of these factors, a growing number of people feel like ransomware is now an understood and contained risk. However, that’s for the most part a false sense of security because most of the lack of recent ransomware outbreaks is due to the attackers using it differently, more surgically, if you will.”

“Law enforcement agencies such as the UK’s Police Federation should maintain regular and constant backups of important files and consistently verify that the backups can be restored. Organisations should also educate their employees on refraining from downloading pirated software or paid software offered for ‘free,’ as humans are the single biggest asset cyber criminals have in extorting money from businesses.”

 
