UK Police Federation Hit by Ransomware

The UK Police Federation of England & Wales (PFEW) website was subject to a malware attack that it discovered on March 9, 2019. It appears that this was a ransomware attack, but the strain has not been announced.

“The malware is a type of malicious software which seizes and encrypts data. The matter is subject to an ongoing police investigation. We are unable to comment further,” said the PFEW in a FAQ released on Twitter yesterday.

The FAQ continues, “Back up data has been deleted and data has been encrypted and became inaccessible. Email services were disabled and files were inaccessible.”

The attack was not announced until 21 March in a statement that simply describes it as a malware attack. “We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading,” it announced on Twitter. 

The statement goes on to say that the malware was quickly contained and that the incident was reported to the data protection regulator (ICO) and the National Crime Agency (NCA). The criminal investigation is now being led by the NCA, while forensic analysis is being led by BAE Systems’ Cyber Incident Response.

The NCA alerted the cyber agency, NCSC, which has issued its own statement, including the comment, “The NCSC recommends those who have been affected be vigilant to suspicious emails, texts and phone calls.” While this is good standard advice, it does not preclude the possibility that some personal information may have been stolen during the attack.

“Whilst no evidence of data extraction has been found, the PFEW has been working with the NPCC, local forces and its individual branches to ensure as much information as possible is provided to those potentially affected,” said the PFEW.

The implication from this is that the PFEW is confident that no potentially harmful personal data was stolen. Had that been the case, it would have been bound under GDPR to notify those concerned ‘without undue delay’. In fact, it was 12 days before the organization publicly acknowledged the attack. 

Although the PFEW reported the incident to the ICO in a timely manner, and rapidly enlisted the help of the NCA and BAE Systems, there are some questions over the delay in informing its users. “Whether they had a regulatory or legal need to inform the ICO isn’t clear,” comments Matt Walmsley, EMEA director at Vectra; “particularly if there has been no data breach. The launch of a criminal investigation may help salve anger and frustration but is unlikely to result in accurate attribution, never mind a conviction, even if they’ve called in their friends from the National Computer Crime Unit. However, their transparent reporting, even if it’s a number of days after the instance should be commended for its candor.”

David Emm, principal security researcher at Kaspersky Lab, is confident that the attack was a random, speculative ransomware attack rather than a targeted attack. “As with most ransomware attacks, the attack on the Police Federation of England & Wales seems to be the result of random, speculative activity, rather than a targeted attack. The motive is probably to extort money rather than steal data.”

He also believes that PFEW has responded well. “It looks like, in this instance, The Police Federation has absolutely done the right thing in preventing the further spread of the ransomware and notifying the relevant authorities in a timely manner. Being able to quickly respond to such an attack and inform affected parties is also being a key consideration for organizations faced with an ever-growing multitude of threats, especially as the public becomes increasingly aware of the risks to their data should an organization be compromised.”

Nevertheless, taking 12 days to notify its own members is raising eyebrows. 

SecurityWeek contacted the PFEW and BAE Systems to see if any more information is available, but at the time of writing, we have not had a reply.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
