Police Federation hit by ransomware attack

Police association says databases and servers hit by "malware attack which encrypted data" and also deleted some back-ups.

Facing the unique challenges of a ransomware attack Lester Godsey, chief information security officer in Mesa, AZ, discusses how ransomware attacks have changed in the past few years and how to adapt to those changes.

The Police Federation of England and Wales (PFEW) has been hit by an apparent ransomware attack, impacting what's described as a number of its databases and servers.

The Surrey headquarters of the staff association for the police, which represents over 119,000 officers, fell victim to a cyber attack on March 9. A statement by the PFEW says "immediate steps" were made to isolate the incident, with several systems taken offline in order to minimise the spread of a "malware attack which encrypted data".

The ransomware attack encrypted a number of databases and servers, making data and email services inaccessible. The PFEW national members database, claims case management system and booking system for conference and hotel facilities were affected. The attack also deleted backup data.

"A number of our systems were affected and we are working hard with cyber experts to restore systems and ascertain the extent to which data has been made unavailable," said a statement by the Police Federation.

The affected database contains information about PFEW members. While there's currently no evidence that data has also been stolen as part of the attack, the federation says it "cannot be discounted" and that individuals who could be affected will be contacted.

SEE: What happens when the cops get hit with malware, too?

"We are deeply sorry that this has happened. The Police Federation takes data security very seriously and responded immediately on becoming alerted to this incident," said John Apter, national chair of the PFEW.

"Our priority has been to mitigate the damage caused by the attack and to protect the personal data of our members and others whose data we hold," he added.

The incident has been reported to National Cyber Security Centre, the Information Commissioner and the National Crime Agency (NCA). An investigation is underway. 

"The National Crime Agency is leading an investigation and broader law enforcement response into the cyber incident affecting the Police Federation of England and Wales," said an NCA statement.

"Specialist officers from the NCA's National Cyber Crime Unit (NCCU) are managing the ongoing investigation and are working with the PFEW and the National Cyber Security Centre (NCSC) to gain a better understanding of the incident."

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

A spokesperson for the NCSC told ZDNet: "We are aware of a cyber incident affecting the Police Federation of England and Wales and we are working with the organisation and law enforcement partners to advise on mitigation measures."

"The NCSC recommends those who have been affected be vigilant to suspicious emails, texts and phone calls," they added.

The Police Federation has set up a website and a helpline for any members who might be concerned. ZDNet contacted the PFEW, but the organisation said it couldn't comment on an ongoing investigation.

Forensics experts at BAE Systems have also been brought in to to assist the PFEW with the aftermath of the attack. 

"Ransomware attacks are an increasingly common menace to private individuals and businesses alike," Dr Adrian Nish, head of threat intelligence and response at BAE Systems told ZDNet. 

"We hope that reporting around this incident helps to highlight the risk and enables others to get defences in place against such attacks."

READ MORE ON CYBERSECURITY