The Police Federation of England and Wales (PFEW) suffered a ransomware infection in which crypto-malware affected several systems at its headquarters.
According to a statement posted about the security incident, the law enforcement association’s security systems sent out an alert at 19:00 local time on 9 March. PFEW’s security teams looked into the alert and discovered that ransomware had encrypted the contents of several systems and databases based at its central office. Those personnel also determined that the malware had disabled the office’s email services, rendered files inaccessible and deleted backup data.
A FAQs page created after the infection reveals that PFEW immediately enlisted the help of BAE Systems in formulating a response. As of this writing, the forensics firm is working with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) as part of a joint investigation to determine what happened.
PFEW has also notified the Information Commissioner’s Office about the infection.
So far, BAE Systems has not found any indication that the attackers exfiltrated information from PFEW. But the organization still feels it has a “moral and legal obligation to” inform anyone, including its members, whom the incident might have affected. Reflecting this sense of duty, PFEW announced that it will create a helpline and continue to update its FAQs page so that affected individuals can receive timely updates about the ongoing investigation.
Tim Erlin, VP, Product Management and Strategy, explains that this attack highlights how every organization needs to have a plan in place for a successful ransomware attack:
“While prevention is preferred, the reality is that no security control is perfect. The key to responding to a ransomware attack is to detect quickly, limit the spread and restore systems back to a trusted state. Functional backups are key to recovery, but so is a clear understanding of how systems are configured. Finally, restoring from backups is only useful if you can close the attack vector that allowed the ransomware to gain a foothold in the first place.”
At the same time, organizations should refer to these tips that can help prevent a ransomware infection.