Ransomware Gangs Get More Aggressive Against Law Enforcement

Police departments big and small have been plagued for years by foreign hackers breaking into networks and causing varying level of mischief, from disabling email systems to more serious problems with 911 centers temporarily knocked offline. In some cases important case files have gone missing.

But things have taken a dark turn recently. Criminal hackers are increasingly using brazen methods to increase pressure on law enforcement agencies to pay ransoms, including leaking or threatening to leak highly sensitive and potentially life-threatening information.

The threat of ransomware has risen to a level that’s impossible to ignore, with hardly a day going by without news of a hospital, private business or government agency being victimized. On Saturday, the operator of a major pipeline system that transports fuel across the East Coast said it had been victimized by a ransomware attack and had halted all pipeline operations to deal with the threat.

The increasingly defiant attacks on law enforcement agencies underscore how little ransomware gangs fear repercussions.

In Washington, D.C., a Russian-speaking ransomware syndicate called Babuk hacked into the network of the city’s police department and threatened to leak the identities of confidential informants unless an unspecified ransom was paid.

“It should be a wake-up call to government that it finally needs to take strong and decisive action,” said Brett Callow, a threat analyst at the security firm Emsisoft.

Making the ransomware attacks potentially more damaging, police are now able to collect and store more personal information than ever before through advances in surveillance equipment and technologies such as artificial intelligence and facial recognition software.

Homeland Security Secretary Alejandro Mayorkas has called ransomware a “threat to national security” and said the issue is a top priority of the White House. Congress is exploring giving state and local governments grant money to boost their response to ransomware.

Because ransomware is so lucrative for its perpetrators, who operate out of Western law enforcement’s reach in Russia and other safe havens, experts say the most important tools for battling it are elementary cybersecurity measures.

Statistics of how many police departments have been hit by ransomware attacks are hard to come by, as is information on whether departments ever pay a ransom. There’s no official count and not every incident is made public.

Callow, the threat analyst, said he’s counted at least 11 law enforcement agencies affected by ransomware since the beginning of 2020. Officers have been locked out of their computer systems and forced to resort to paper records.

Prosecutors in Stuart, Florida, told local media last year they had to drop a case against suspected drug dealers after a local police department’s files were encrypted by a ransomware gang.

In the nation’s capital, the final outcome is uncertain. The Babuk gang’s threats to release more information have so far not come to pass and the files that were posted have been taken down.

The department said in a statement it’s still trying to determine the size and scope of the breach and has urged officers to obtain a free copy of their credit reports. The FBI is assisting with the investigation.

Law enforcement agencies require thorough and intrusive background checks that gather a wealth of information about a person’s history and character. It’s perfect blackmail material for hackers, whether they are criminal gangs or foreign governments. Six years ago Chinese hackers stole millions of background check files of federal government employees from the Office of Personnel Management.

Randy Pargman, who worked for the FBI for 15 years, said police departments need to do some “soul searching” about how they currently protect sensitive data such as background check files. He said many departments don’t have the budget or staffing for sophisticated cybersecurity measures, but could still transfer sensitive files to external hard drives kept offline and used only when needed.

“Every police department needs to think about their threat model and that they will probably be a target at some point,” said Pargman, vice president of threat hunting and counterintelligence at the private firm Binary Defense.