[BreachExchange] Cyber criminals executed attack on Bristol police computers

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Jul 27 11:56:38 EDT 2021


https://heraldcourier.com/news/cyber-criminals-executed-attack-on-bristol-police-computers/article_c69c24f2-e320-5d74-9134-52129a50f447.html

Cyber criminals conducted a ransomware attack on the Bristol Virginia
Police Department’s computers earlier this year and now appear to be trying
to sell information on the dark web.

The cyberattack occurred in January, according to City Manager Randy Eads.
In such events, criminals are able to externally gain control of computers
via the internet and either access information to resell or demand ransom
payments for owners to regain access. Eads said the city refused to pay any
ransom.

On Monday, the Bristol Herald Courier obtained a screenshot of the apparent
dark web listing, which appears to show the information is available for
$30,000.

In it, the seller claims to have extracted 2 terabytes of data, including
personal data of employees, data about citizens, offenses, prosecutions,
personal data of citizens, mail archives, video camera recordings, scans of
documents, annual reports, budget reports and other information.

Eads calls that an exaggeration.

“It appears, based on the screenshots provided by the Bristol Herald, that
the cyber criminals are attempting to sell stolen data,” Eads wrote in a
Monday email. “Based on the investigation of our outside forensic experts,
it appears that the type of data the criminals are claiming to sell is
exaggerated. We have given notification to all individuals we believe have
been impacted by this crime. We believe that it was only a limited subset
of information and have provided free credit monitoring to all of those
individuals involved,” Eads wrote.

The number of cyberattacks this year alone is in the thousands. Earlier
this month, the Associated Press reported that 200 U.S. companies were hit
July 2.

“Based on a review of this event by our outside forensic experts, we do not
believe that the cyber criminals were successful in exfiltrating any
useful information, including any personally identifiable information,”
Eads wrote.

The department worked with “leading outside security experts” and the
Virginia State Police Cyber Crimes Division to conduct an investigation,
Eads said, adding that they reported the attack to the FBI Cyber Crimes
Division and other federal agencies.

The variant of ransomware involved was identified as CryLock.

“The cyber criminals gained access to some of our servers and workstations,
encrypted them and temporarily disrupted our operations,” Eads wrote in a
separate email. “After learning of the incident, the police department
quickly took action to contain the threat, secure systems and restore
affected servers. As a result, the police department was able to resume
operations with minimal impact.”

Ransomware attacks have become increasingly problematic over the last
couple of years, with at least 2,354 local governments, health care
facilities and schools in the U.S. being impacted in 2020, according to a
report by Emsisoft, a New Zealand-based cybersecurity software firm.

The 2020 victims included 113 federal, state and municipal governments and
agencies, 560 health care facilities and 1,681 schools, colleges and
universities, according to the Emsisoft report.

“There have been at least five successful ransomware attacks on police
departments so far this year and data has been stolen in every case. In the
other incidents, the stolen data was simply released online but, in this
case, it appears it’s being auctioned,” Brett Callow, a cybercrime threat
analyst with Emsisoft, wrote in an email.

The data from such attacks can have serious consequences, Callow said.

“Incidents involving police departments can have potentially serious
consequences. For example, in one case the attacks threatened to release
details about informants to the gangs on which they were informing. Other
incidents have resulted in disruption to 911 services, information relating
to prosecutions being posted online and, in some instances, prosecutions
even needed to be dropped due to evidence being lost,” he said.

Eads said the department is using the incident as “an opportunity to work
to improve our security infrastructure.”