A Ransomware attack compromised 70% of Washington DC CCTV ahead of inauguration of President Trump, technical staff wiped and rebooted the devices.
A ransomware infected 70 percent of storage devices used by the Washington DC CCTV systems just eight days before the inauguration of President Donald Trump.
The attack occurred between 12 and 15 January, the ransomware infected 123 of 187 network video recorders, each controlling up to four CCTVs. IT staff was forced to wipe the infected systems in order to restore the situation, fortunately, the ransomware did not affect other components of the Washington DC network.
“City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.” states the Washington Post.
“Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized. Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site.
An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks.”
The first infections were discovered by the Police on Jan. 12 D.C. when the authorities noticed four camera sites were not functioning properly. Experts at the city technology office detected two distinct ransomware in four recording devices, then they extended the analysis to the entire surveillance network and wiped all the infected equipment.
“There was no access from these devices into our environment,” Vemulapalli said.
Interim Police Chief Peter Newsham confirmed that the incident was contained in about 48 hours and there was “no significant impact” overall.
There are some points still no clear:
Did the local police receive a ransom request? For sure they did not pay it.
It is no clear if valuable data was lost in the attack or if the police were able to decrypt information for free, for example by using tools like the No More Ransom.
Who is behind the attack? Cyber criminals that acted to extort money or hacktivist that tried to shut down the CCTV cameras to avoid being recorded during the street protests.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.