Police Federation Confirms Ransomware Breach

Association of police officers in England and Wales confirms it is the latest to suffer ransomware attack

The Police Federation of England and Wales (PFEW) has confirmed that it has suffered a ransomware attack, but has said that it was not specifically targeted and was likely to have been impacted as part of a wider campaign.

The ransomware attack has apparently only impacted computers at its headquarters in Surrey, and the PFEW said that it does not believe that any data has been stolen.

The attack comes just after a ransomware attack this week crippled the huge Norwegian aluminium producer Norsk Hydro, forcing it to switch to ‘manual operations’.

Police Federation

The PFEW meanwhile confirmed the ransomware attack in a Twitter statement.

“We can confirm we have been subject to a malware attack on our computer systems,” it warned. “We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading.”

It said that BAE Systems’ Cyber Incident Response division has been brought in to assess the impact and scale of the attack. All relevant authorities have also been notified.

“There is no evidence at this stage that any data was extracted from the organisation’s systems, although this cannot be discounted and PFEW are taking precautions to notify individuals who may potentially be affected,” said the association.

The Police Federation is made up of 120,000 constables, sergeants, inspectors and chief inspectors across 43 police forces.

Some police members are reportedly angry that it has taken 12 days for the Federation to inform its members, and took to Twitter to complain.

It is reported that a number of databases and email systems have been encrypted by the criminals, and backups are also said to be impacted.

Expert reaction

Security experts have offered their thoughts on the attack and one has pointed out that new types of cyber defences are needed that can evaluate both external and internal threats.

“The fact that the UK Police Federation has fallen victim to a ransomware attack shows that no system, not even those being defended by industry experts, is invulnerable,” said Max Heinemeyer, director of threat hunting at Darktrace.

“In the wake of this week’s Norsk Hydro attack, we are seeing a slight resurgence of ransomware. The danger is that these attacks don’t have to be technically sophisticated to be devastating,” said Heinemeyer. “They often abuse systematic weaknesses such as software vulnerabilities, outdated patches and weak administrative credentials. We have even seen some late strains of ransomware with a surprisingly low detection rate by commercial antivirus software.”

“Clearly, building walls is no longer enough,” he concluded. “Organisations across all sectors will have to adopt AI defences, to catch attackers already on the inside.”

Another expert said the case highlighted the need for organisations to have appropriate planning in place, in case the worst should happen.

“Every organisation should have a plan in place for a successful ransomware attack,” said Tim Erlin, VP of product management & strategy at Tripwire. “While prevention is preferred, the reality is that no security control is perfect.”

“The key to responding to a ransomware attack is to detect quickly, limit the spread and restore systems back to a trusted state,” said Erlin. “Functional backups are key to recovery, but so is a clear understanding of how systems are configured. Finally, restoring from backups is only useful if you can close the attack vector that allowed the ransomware to gain a foothold in the first place.”

Another expert also pointed to the need to ensure backups are safe and secure.

“Law enforcement agencies such as the UK’s Police Federation should maintain regular and constant backups of important files and consistently verify that the backups can be restored,” said Israel Barak, CISO at Cybereason.

“Organisations should also educate their employees on refraining from downloading pirated software or paid software offered for ‘free,’ as humans are the single biggest asset cyber criminals have in extorting money from businesses,” said Barak. “Lastly, organisations should deploy advanced anti-ransomware technology to prevent the effective execution of ransomware and help to make cybercrime a less profitable and attractive business.”

This point about appropriate defences was also picked up by another expert.

“While ransomware may have appeared to slow down, it still remains a large threat to many organisations,” said Javvad Malik, security advocate at AT&T Cybersecurity. “Therefore, it is essential that companies put in place, not just detection controls to alert where there may be a ransomware infection, but also have response controls and procedures in place.”

“Preferably automated and orchestrated responses so that affected machines can be quarantined quickly to prevent widespread,” said Malik. “Having reliable threat intelligence can also help in the quick identification of any ransomware or other malware.”
