Continuing the trend of government and law enforcement being targeted by ransomware operators, news broke that the Georgia Department of Public Safety (DPS) has been struck by a ransomware infection. According to Fox News 5, the infection began on Friday, July 26. It was discovered when an officer spotted a strange message on a “field laptop”. According to other news sources, the infection spread to the entire DPS system, effectively crippling some operations. In response, the agency shut down all its IT systems, such as email servers, the public website, and backend servers, to contain the infection.
Efforts to contain the infection resulted in an outage of police car laptops for three police departments: the Georgia State Patrol, the Georgia Capitol Police, and the Georgia Motor Carrier Compliance Division. While the effects of the ransomware were felt across departments, it did not severely impede the three departments' ability to do their work, with officers treating the outage as if it were planned maintenance or another reason for system downtime. This was not the first time in recent memory that a department of Georgia's government has experienced a cyber incident: the Georgia Emergency Management Agency (GEMA) and the Lawrenceville Police Department were also hit by ransomware earlier in the month.
With regard to the GEMA incident, malware was discovered during a security screening. Officials stated that,
“During cyber security screening by GEMA/HS IT staff on Friday, the malware was discovered within the agency’s computer system. Existing protection software installed on our systems had already isolated and prevented the activation of the malware files, however, out of an abundance of caution, some systems were taken offline until all files could be located and removed. Throughout the incident, GEMA/HS received additional cybersecurity support from state agency partners, and remained capable of providing any necessary public notifications and services during an emergency. The agency has activated our cyber security insurance, which provides a third-party vendor to confirm that all malware has been located and removed.”
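The Lawrenceville Police Department believes that it was specifically targeted. Police knew that the malware in question was ransomware because files were encrypted. Fortunately, the department's backed-up copies of all important case files were unaffected by the infection. States in the south of the US are not alone in experiencing such attacks.
The Riverside Police Department in Ohio lost 10 months of important work as a result of a ransomware attack. The hacker who carried out the attack demanded 50,000 USD. The question remains, then: why are law enforcement agencies being actively targeted?
One of the reasons that law enforcement agencies in the US have found themselves on the victim side of the fence is the information they deal with daily. With most of the information stored by departments shifting from pen and paper to computers, an abundance of valuable information resides on these systems. Information about cases, and ready access to it, is essential to daily operations. Hackers know this, and by targeting places that hold such information they hope to put further pressure on the victim to pay. Common sense would suggest that hackers steer clear of the organizations that could bring them to book. However, due to the anonymity often enjoyed by hackers, they feel emboldened to go after such big game targets. This trend is also not isolated to the US. In March 2019, the UK Police Federation of England & Wales (PFEW) website was subject to a ransomware attack. As it is still the subject of an ongoing investigation, very little is known about the ransomware variant which struck the federation. However, in this instance, law enforcement officials believe that the federation was not targeted specifically and that the attack was a result of “speculative activity”.
Law enforcement agencies have not stood idly by, though, and initiatives like No More Ransom, which is a partnership between law enforcement and private enterprises, have done much to combat the scourge of ransomware. The project just recently celebrated its third anniversary and has helped stop GandCrab and other ransomware infections, potentially saving victims 108 million USD. On combatting ransomware, the partnership's approach is summarised as follows:
“Prevention remains as the most effective shield of protection. Citizens and businesses are reminded to follow several simple steps to avoid ransomware from getting into their electronic devices in the first place: keep offline backups, ensure the software is up to date, use a robust antivirus and apply caution when clicking on attachments and visiting unknown websites.”
That is good advice no matter who you or your organization are, whether a private individual or a law enforcement agency. Unfortunately, the trend of law enforcement agencies being targeted by hackers does not seem to be slowing. Precautionary measures seem to be partially effective in preventing a complete shutdown, with officers still being able to carry out their duties. The major worry is the loss of data about cases, which could set back or completely stop officials investigating them. In an interview with ZDNet, Fleming Shi, CTO at Barracuda Networks, gave an honest assessment of another factor which makes law enforcement such a prized target, stating that
“We see attacks in New York, Pennsylvania, Utah, Washington, Michigan... the list goes on and on. As long as the victims keep succumbing to these attacks and paying the ransoms, then the attackers will keep going… I personally believe it's a nationwide problem and America, at the municipal level, has not put in enough preventative and detective measures to safeguard our citizens as a whole.”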
“Prevention remains as the most effective shield of protection. Citizens and business are remained to follow several simple steps to avoid ransomware from getting into their electronic devices in the first place: keep offline backups, ensure the software are up to date, use a robust antivirus and apply caution when clicking on attachments and visiting unknown websites.”
That is good advice no matter who you or your organization are, whether private individual or law enforcement agency. Unfortunately, the trend of law enforcement agencies been targeted by hackers does not seem to be slowing. Precautionary measures seem to be partially effective in stopping a complete shutdown with officers still being able to carry out their duties. The major worry is the loss of data about cases that could set back or completely stop officials investigating cases. In an interview with ZDNet Fleming Shi, CTO at Barracuda Networks, gave an honest assessment as to another factor which makes law enforcement such a prized target, stating that
“We see attacks in New York, Pennsylvania, Utah, Washington, Michigan... the list goes on and on. As long as the victims keep succumbing to these attacks and paying the ransoms, then the attackers will keep going…I personally believe it's a nationwide problem and America, at the municipal level, has not put in enough preventative and detective measures to safeguard our citizens as a whole,”