The Police Federation of England and Wales has announced that it suffered a malware attack on Saturday but cyber experts were able to isolate the malware to stop it from spreading to multiple branches of the organisation.
The fact that the malware attack took place on a Saturday is understandable considering that most hackers carry out attacks on weekends when most employees are on leave and organisations are ill-prepared to launch prevention and mitigation measures.
According to the federation, the malware attack targeted systems based at Federation House, the organisation's headquarter in Surrey. While the Police Federation is yet to confirm whether it was a ransomware attack or another kind of malware attack, it said that its cyber experts are working diligently along with experts from the NCA's National Cyber Crime Unit, the National Cyber Security Centre, and the National Police Chief's Council to gain a better understanding of the incident.
Hackers may have breached Police Federation systems through malware attack
Even though cyber experts have been able to isolate the malware attack to a few systems and prevented it from spreading to the federation's 43 branches, the Police Federation has refused to discount the possibility of hackers gaining access to sensitive information of police officers and citizens, stating that it is taking steps to notify individuals who may potentially be affected.
"We are deeply sorry that this has happened. The Police Federation takes data security very seriously and responded immediately on becoming alerted to the incident. Our priority has been to mitigate the damage caused by the attack and to protect the personal data of our members and others whose data we hold," said John Apter, PFEW National Chair.
"We remain committed to representing police officers and ensuring they are supported. We have set up dedicated webpage to help officers and other individuals with any questions they may have and have directed them to where they can find guidance on the risks associated with this type of incident," he added.
"The attack on the Police Federation shows that anyone can become a victim of a ransomware attack. Based on available information, the Police Federation has isolated the malware, which is a good step in preventing it spreading deeper into the network. To prevent these types of attacks, organisations should teach practise good cyber hygiene, and enable their organisation to avert social engineering attacks," said Anjola Adeniyi, technical leader at Securonix.
"Law enforcement agencies such as the UK's Police Federation should maintain regular and constant backups of important files and consistently verify that the backups can be restored. Organisations should also educate their employees on refraining from downloading pirated software or paid software offered for 'free,' as humans are the single biggest asset cyber criminals have in extorting money from businesses," said Israel Barak, CISO at Cybereason.
Noting that hackers are increasingly using new techniques to make their ransomware attacks more potent, Barak added that organisations should deploy advanced anti-ransomware technology to prevent the effective execution of ransomware and help to make cybercrime a less profitable and attractive business.