UK Police Federation Hit by Ransomware

The UK Police Federation of England & Wales (PFEW) website was subject to a malware attack that it discovered on March 9, 2019. It appears to have been a ransomware attack, but the strain has not been announced.

“The malware is a type of malicious software which seizes and encrypts data. The matter is subject to an ongoing police investigation. We are unable to comment further,” said the PFEW in a FAQ released on Twitter yesterday.

The FAQ continues, “Back up data has been deleted and data has been encrypted and became inaccessible. Email services were disabled and files were inaccessible.”

The attack was not announced until 21 March in a statement that simply describes it as a malware attack. “We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading,” it announced on Twitter. 

It goes on to say that the malware was quickly contained and that the incident was reported to the data protection regulator (ICO) and the National Crime Agency (NCA). The criminal investigation is now being led by the NCA, while forensic analysis is being led by BAE Systems’ Cyber Incident Response.

The NCA alerted the cyber agency, NCSC, which has issued its own statement, including the comment, “The NCSC recommends those who have been affected be vigilant to suspicious emails, texts and phone calls.” While this is good standard advice, it does not preclude the possibility that some personal information may have been stolen during the attack.

“Whilst no evidence of data extraction has been found, the PFEW has been working with the NPCC, local forces and its individual branches to ensure as much information as possible is provided to those potentially affected,” said the PFEW.

The implication from this is that the PFEW is confident that no potentially harmful personal data was stolen. Had that been the case, it would have been bound under GDPR to notify those concerned ‘without undue delay’. In fact, it was 12 days before the organization publicly acknowledged the attack. 

Although the PFEW reported the incident to the ICO in a timely manner, and rapidly enlisted the help of the NCA and BAE Systems, there are some questions over the delay in informing its users. “Whether they had a regulatory or legal need to inform the ICO isn’t clear,” comments Matt Walmsley, EMEA director at Vectra; “particularly if there has been no data breach. The launch of a criminal investigation may help salve anger and frustration but is unlikely to result in accurate attribution, never mind a conviction, even if they’ve called in their friends from the National Computer Crime Unit. However, their transparent reporting, even if it’s a number of days after the instance should be commended for its candor.”

David Emm, principal security researcher at Kaspersky Lab, is confident that the attack was a random, speculative ransomware attack rather than a targeted attack. “As with most ransomware attacks, the attack on the Police Federation of England & Wales seems to be the result of random, speculative activity, rather than a targeted attack. The motive is probably to extort money rather than steal data.”

He also believes that PFEW has responded well. “It looks like, in this instance, The Police Federation has absolutely done the right thing in preventing the further spread of the ransomware and notifying the relevant authorities in a timely manner. Being able to quickly respond to such an attack and inform affected parties is also being a key consideration for organizations faced with an ever-growing multitude of threats, especially as the public becomes increasingly aware of the risks to their data should an organization be compromised.”

Nevertheless, taking 12 days to notify its own members is raising eyebrows. 

SecurityWeek contacted the PFEW and BAE Systems to see if any more information is available, but at the time of writing, we have not had a reply.


Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
