Police Federation hit by ransomware
The website of the UK’s Police Federation of England and Wales (PFEW) was hit by a ransomware attack on 9 March 2019. The police’s staff association has assured the public no personal data was stolen.
There was some disquiet expressed that while the attack took place on the 9th of March, the PFEW didn’t release a statement on Twitter until the 21st and in that they simply described the attack.
We were alerted by our own security systems on Saturday 9 March. Whilst no evidence of data extraction has been found, the PFEW has been working with the NPCC, local forces and its individual branches to ensure as much information as possible is provided to those potentially affected.
The Police Federation is one the country’s largest staff associations with some 119,000 rank and file officers. This year sees the organisation’s 100th anniversary.
The PFEW said that the malware had been quickly contained and the attack reported to the Information Commissioner’s Office (ICO) and the National Criminal Agency (NCA). The investigation is now being conducted by the NCA, while forensic analysis is being led by BAE Systems’ Cyber Incident Response.
The fact that the PFEW did not notify any who may have been affected by the attack ‘without undue delay,’ as they are bound to under GDPR, shows that the PFEW are confident no harmful data was stolen.
Nevertheless, some have argued that a delay of 12 days was concerning.
Whether they had a regulatory or legal need to inform the ICO isn’t clear. Particularly if there has been no data breach. The launch of a criminal investigation may help salve anger and frustration but is unlikely to result in accurate attribution, never mind a conviction, even if they’ve called in their friends from the National Computer Crime Unit. However, their transparent reporting, even if it’s a number of days after the instance should be commended for its candour.
Pondering on the nature of the attack, David Emm from Kaspersky Lab, believes the attack was a ‘random, speculative ransomware attack rather than a targeted attack’. He believes the motive behind the malware was monetary rather than to steal data.
He also agrees that overall the PFEW responded well. Being able to quickly respond to such incidences and inform affected parties is key to organisations faced with ever more attacks, particularly those that have such a public impact.
