The Police Federation has defended its decision to wait 11 days before telling its 122,000 uniformed members that it had fallen victim to a ransomware attack on March 9.
The attack on the organisation, a de facto union for police officers, affected “a number of databases and systems” it said in a Q&A on Thursday.
“Back up data has been deleted and data has been encrypted and became inaccessible. Email services were disabled and files were inaccessible.”
See this: 5 Things to do Before Ransomware Strikes
The decision to delay a public statement was the result of the need to protect the integrity of an investigation that involves the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) it added.
Protecting the integrity of the investigation in the early stages was crucial & we've been working with industry experts @NCA_UK to determine the cause & establish whether data had been extracted so that we can be clear on what information may have been affected #PFEWCyberattack
— Police Federation (@PFEW_HQ) March 21, 2019
The Federation has brought in BAE Systems to help with the investigation and says it can’t full tell yet if data has gone missing. The attack appears to have been opportunistic rather than targeted, and part of a “wider campaign” it said.
“There is no evidence at this stage that any data was extracted from our systems but this cannot be discounted. At this stage the risk of data being extracted or misused is low, we wanted to alert those we hold data on as to the risk at the earliest opportunity.”
Police Ransomware Attack: “Slight Resurgence”
Max Heinemeyer, Director of Threat Hunting, Darktrace, told Computer Business Review: “In the wake of this week’s Norsk Hydro attack, we are seeing a slight resurgence of ransomware. The danger is that these attacks don’t have to be technically sophisticated to be devastating. They often abuse systematic weaknesses such as software vulnerabilities, outdated patches and weak administrative credentials”
He added: “We have even seen some late strains of ransomware with a surprisingly low detection rate by commercial antivirus software.”
Israel Barak, CISO at Cybereason, added: “”Today, ransomware infections are having a fraction of the impact they were two-to-three years ago.”
“Most companies have contingencies and tools now that help with the threat. Because of these factors, a growing number of people feel like ransomware is now an understood and contained risk. However, that’s for the most part a false sense of security because most of the lack of recent ransomware outbreaks is due to the attackers using it differently, more surgically, if you will.”
“Law enforcement agencies such as the UK’s Police Federation should maintain regular and constant backups of important files and consistently verify that the backups can be restored. Organisations should also educate their employees on refraining from downloading pirated software or paid software offered for ‘free,’ as humans are the single biggest asset cyber criminals have in extorting money from businesses.”
