Report: Clop Ransomware Actors Leak UK Police Data

Supply Chain Attack: Group Breaches an MSP Handling Police Data
Personal information and records of 13 million people held by some of Britain's police forces have been stolen by Russian hackers, according to a news report.

U.K. newspaper The Daily Mail Online reported that the cybercriminal gang Clop has released some of the data on the dark web after successfully breaching Scotland-based managed service provider Dacoll, which handles access to the Police National Computer.

The gang is reported to have threatened to release more data, and the report also says Clop demanded a ransom from the company after launching a phishing attack in October that gave it access to the personal information and records of 13 million people.

"Ransomware operators are increasingly successful in high-profile attacks against providers to highly sensitive agencies and pilfering databases. Certainly, this is embarrassing to Dacoll and, by extension, police services throughout the U.K.," says John Bambenek, principal threat hunter at digital IT and security operations firm Netenrich.

In addition to working to prevent breaches, Bambenek says that organizations should also prepare for them by knowing what data they have - so they will be able to identify what documents were stolen and thus mitigate the risk of having the data made public.

A spokesperson for Dacoll was not immediately available to comment.

Ransomware Attack

The Mail reported that Dacoll refused to pay the unknown ransom amount to the group, which then began uploading hundreds of files onto its leak site. The leaked files include faces of drivers photographed speeding, taken from the national Automatic Number Plate Recognition system. It is not clear what additional sensitive data might have been leaked.

A spokesperson for Dacoll confirmed to the Mail that the company had been the victim of a cyber incident on Oct. 5 and said it had been able to quickly return to its normal operation levels.

Third-Party Risk

"Cybercriminals will continue targeting various organizations, especially those that provide support to third-party organizations," says James McQuiggan, security awareness advocate at KnowBe4. He says that supply chain attacks have increased significantly since the SolarWinds cyberattack last year, and he recommends a strong backup strategy or cyber insurance to avoid or cover the cost of a ransom demand since once private data has been stolen, there is zero guarantee of recovering it.

"Ransomware gangs are continuously adapting their tactics to maximize the financial gain from their victims and are now including mass-scale data exfiltration with threat of disclosure if their extortion demands are not met," Clements says.

Clop Ransomware

Clop runs a ransomware-as-a-service operation. It offers a portal that affiliates can use to generate crypto-locking malware and then infect victims. Every time a victim pays, the operator and affiliate share the profits.

In June, just hours before the U.S.-Russia summit at which cybercrime was high on the agenda, authorities in Ukraine said they had arrested six suspected members of the Clop ransomware operation (see: Ukraine Arrests 6 Clop Ransomware Operation Suspects).

Those arrests were made as part of an ongoing international operation coordinated by Interpol and involving law enforcement agencies in South Korea and the U.S., the National Police of Ukraine had said.

In November, Interpol issued two Red Notices seeking the arrest of six more members of the Russian-speaking crime group. The notices are part of an investigation, which law enforcement agencies have dubbed Operation Cyclone, into attacks against Korean companies and U.S. academic institutions by the Clop ransomware threat group (see: Law Enforcement Operation Targets Clop Ransomware).

A Red Notice is a request to law enforcement agencies worldwide to locate and provisionally arrest a person pending extradition, surrender or similar legal action, according to Interpol.


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



