[BreachExchange] Ransomware puts New Mexico prison in lockdown: Cameras, doors go offline
Terrell Byrd
terrell.byrd at riskbasedsecurity.com
Thu Jan 13 10:35:54 EST 2022
https://www.theregister.com/2022/01/12/ransomware_new_mexico_prison/
Bernalillo County, New Mexico, has been unable to comply with the
settlement terms of a 27-year-old lawsuit over prison conditions because of
a ransomware attack last week that saw prisoners back under manual control.
County officials on January 6, 2022, filed a notice [PDF] with the New
Mexico District Court overseeing the settlement invoking an emergency
provision in the settlement terms to temporarily suspend their obligations.
Commissioners told the court that all of Bernalillo County, which covers
the US state of New Mexico's largest city Albuquerque, had been affected by
a January 5, 2022, ransomware attack, including the Metropolitan Detention
Center (MDC) that houses some of the state's incarcerated.
To resolve a complaint over prison overcrowding and other alleged rights
violations dating back to 1995, the MDC and aggrieved inmates have agreed
to settlement terms that call for the MDC to take corrective action that
improve prison conditions.
But the ransomware attack last week has interfered with the MDC's ability
to do so, and the prison's systems have yet to be fully restored. Over the
phone, a spokesperson for the facility told The Register on Wednesday that
services are still being repaired.
The attack took automatic security doors offline on January 5th, requiring
officials to open doors manually with keys until that particular function
could be revived.
Officials said in their filing that County-operated databases, servers, and
internet service had been compromised. At MDC, this has meant limited
access to email and no access to County wireless internet. This is
particularly problematic, the officials say, because the MDC's structure
and location interferes with cellular service.
"One of the most concerning impacts of the cyber attack is that MDC is
unable to access facility cameras," they explained. "As of the evening of
January 5th, there was no access to cameras within the facility."
MDC instituted a temporary lockdown in response to the situation.
Court-related video conferences are also not happening.
Several County databases at MDC are also believed to have been corrupted by
the attack.
"The Incident Tracking System (ITS), the database in which MDC creates and
houses all incident reports, including inmate fights, use of force,
allegations of violations of the Prison Rape Elimination Act, is not
currently available as it is suspected to be corrupted by the attack," the
filing states.
"Further, the Offender Management System (OMS) which MDC uses to store and
access information about inmates including inmate account data is likewise
unavailable at the present."
Medical systems outage adds to woes
A spokesperson for Bernalillo County did not immediately respond to a
request to elaborate on recovery efforts but an Albuquerque Journal report
has suggested that technicians hoped to get MDC camera systems working over
the recent weekend.
The plaintiffs in the case have taken the opportunity to submit the
statement [PDF] of a registered nurse who announced that she was quitting
her job at MDC because of concerns about conditions there. The nurse,
Taileigh Sanchez, describes dire staff shortages at MDC and problems with a
new electronic medical records system, issues that have been made worse by
the ransomware attack.
The attack denied access to current medical records, she said, which may
have prevented some inmates from getting their medications.
Sanchez said she told supervisors about her concerns – which date back
before the ransomware hit – but faced retaliation. "Even though I like my
job, and have even been here 11 years, I will be resigning my full-time
position effective immediately due to the safety concerns I have for our
clientele and our staff," she said in her declaration.
The number of reported ransomware attacks actually decreased from 2020 to
2021, according to security firm Sophos [PDF]. Thirty-seven per cent of
organizations responding to the firm's survey admitted being affected by
ransomware in 2021, compared to 54 per cent in 2020. However, the average
remediation cost more than doubled, rising from $760,000 in 2020 to $1.85m
in 2021.
Last year, despite the statistical decline, there were enough high profile
ransomware attacks – Colonial Pipeline, JBS, and the Washington DC
Metropolitan Police Department – that the Biden Administration made
deterring ransomware a prominent part. of its cybersecurity policy.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220113/9b7b5565/attachment.html>
More information about the BreachExchange
mailing list