back to article Brit Police Federation cops to ransomware attack on HQ systems

The Police Federation of England and Wales (PFEW), a sort-of trade union for police workers, has been battling to contain a ransomware strike on the group's computer systems, it confessed this afternoon. In a statement posted on Twitter, PFEW said it first noticed the attack infecting its systems on Saturday 9 March, "with …

  1. Alex Read

    wow, cop a load of that

  2. Alister Silver badge

    poking a stick into a hornet's nest?

    You'd have to be very brave or very foolish to pursue the ransom...

  3. Doctor Syntax Silver badge

    I think we can be sure that this is one case that will be followed up.

    1. Mark 85 Silver badge

      I daresay that almost all of will agree with that. Funny how they blow off citizens and companies with this happening but when it hits them.....

      What we probably need for LEA's to take a deeper interest is for something like Parliament's or the US Congress offices to be hit.

      1. big_D Silver badge

        Over here, Germany, they are more pro-active.

        A company where a friend works was contacted by the Federal Office for the Protection of the Constitution, because their IP address turned up on a known malware exchange site on the darknet. They were informed about the incident, that they might be targeted and were offered free consultation.

      2. DCFusor Silver badge

        Updates desired

        It would be wonderful if The Reg DOES follow up on this to see their response vs what happens for we less connected beings.

  4. Will Godfrey Silver badge
    FAIL

    Example?

    What does it say to the general public when the police representatives have sufficiently lax security to fall for such an attack?

    1. big_D Silver badge

      Re: Example?

      Security is only as good as the weakest link. If you have some idiot in front of a keyboard opening an infected website or email that is carrying a so far unseen malware there isn't a lot you can do.

      User training is almost more important than the actual electronic security systems.

      The one thing I don't understand is how the backups got deleted. That the currently running backup job / the just finished backup job got deleted before the media was taken offline I could understand, unlucky, but possible.

      But the first rule of backups is that they are offline when not being actively backed up to or restored from. You should also rotate your backup media.

      Our backup rotation is pretty much the simplest you can get, 4 daily sets of backup media and 4 weekly backup sets, with monthly and annual backups stored off site.

  5. Paul Herber

    This isn't just any old malware, it must have been programmed in fuzzy logic.

    1. Zippy´s Sausage Factory

      They should have tried Panda antivirus.

  6. Nursing A Semi

    Run of the mill?

    An organisation that speaks of ransomware infections as "run of the mill" raises a red flag for me, just how many infections a day, week or month do they get?

    1. big_D Silver badge

      Re: Run of the mill?

      It has nothing to do with how often they get malware infections - or how often they are caught before they can do damage.

      "Run of the mill" just means it is a general piece of malware, it wasn't targeted at a specific person or organisation.

  7. Martin Pittaway

    Security Experts take NOTE

    Should've used Apple. I don't know of any MacOS computer that has been affected.

    1. Walter Bishop Silver badge
      Mushroom

      Re: Security Experts take NOTE

      @Martin Pittaway: “Security Experts take NOTE .. Should've used Apple. I don't know of any MacOS

      Three down votes, how dare you criticize MICROS~1 :]

      1. Halfmad

        Re: Security Experts take NOTE

        They have been down voted for hinting that any OS is immune to attacks.. on a security forum.

  8. N2 Silver badge

    foolish IT?

    https://www.d7xtech.com/cryptoprevent-anti-malware/

    That is all

  9. Anonymous Coward
    Anonymous Coward

    Cyber Essentials?

    I wonder if NCSC will recommend Cyber Essentials?

    https://www.cyberessentials.ncsc.gov.uk/cert-search/?query=Police%20Federation%20of%20England%20and%20Wales

  10. Walter Bishop Silver badge
    Linux

    Security and the weakest link?

    @big_D: “Security is only as good as the weakest link. If you have some idiot in front of a keyboard opening an infected website or email that is carrying a so far unseen malware there isn't a lot you can do.”

    if your ‘computer’ can be compromised by ‘opening an infected website or email’ then there is something seriously wrong with computer security.

    The one thing I don't understand is how the backups got deleted.”

    What backups :]

    1. Halfmad

      Re: Security and the weakest link?

      Might have had backups - but were they tested? Did staff know how to restore them?

      I have asked this of a supplier recently after a malware attack, I got no reply, so I escalated it to his boss. Turns out the guy "in charge of the backups" quit a couple of years ago and nobody was assigned the tasks he had, so backups had not been working for some time and nobody knew where the restore keys were kept for older backups.

      Fortunately they hadn't been hit by an attack, but if I hadn't queried it, how long would have it gone on for? Yes the staff should have figured this out themselves, but we have managers.. to manage.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019