The attack on city surveillance cameras occurred eight days before the presidential inauguration
Two-thirds of Washington, DC’s surveillance cameras were taken offline by two strains of ransomware days ahead of the presidential inauguration earlier this month, city officials have disclosed.
The infection was discovered on 12 January and was contained by 15 January, according to city officials, while police said the cameras affected were unable to record for about 48 hours.
The incident underscores the increasing disruption caused by ransomware, which is typically triggered when someone on an organisation’s network clicks on an attachment in an infected email.
Such attachments may be disguised as invoices or official notifications, and are sent out in massive quantities, although in some cases particular organisations may be targeted, according to computer security experts.
City police initially discovered the infection on 12 January when they found four camera sites weren’t functioning and informed DC’s office of the chief technology officer (OCTO).
OCTO found the storage devices used to record video data from the cameras had been infected by two strains of ransomware, which weren’t named.
A further investigation found the ransomware had affected 123 of the 187 network-connected video recorders that monitor the city’s public spaces.
The closed-circuit devices were on a network that was isolated from the city’s other data networks, said Archana Vemulapalli, the city’s chief technology officer.
“There was no access from these devices into our environment,” she told The Washington Post.
She said the problem was resolved by taking the affected devices offline and reinstalling the affected software, with no ransom being paid.
The Post cited a Secret Service official as saying the incident, which occurred eight days before the US presidential inauguration on Friday, 20 January, had not affected public safety.
Vemulapalli said an investigation into who carried out the attack is ongoing.
Interim police chief Peter Newsham said the incident had “no significant impact”.
Ransomware, which tripled in prevalence over the past year, has affected a number of public bodies, including libraries and hospitals in the US.
It disrupted San Francisco’s public transport ticketing system in November, and has affected at least one-third of NHS trusts, according to responses from recent freedom of information requests.
Most recently a four-star hotel in the Austrian Alps said its computer systems had been attacks.
The attacks disabled its IT facilities and meant the hotel wasn’t able to issue new electronic key-cards until the ransom was paid, the hotel said.
Law-enforcement officials advise against paying ransoms, since it encourages criminals and may not result in systems being restored.
However, security researchers say there is usually no other way to gain access to locked systems aside from restoring them from a backup.
Do you know all about security? Try our quiz!