Clop ransomware operators have stolen confidential information held by some British police, according to the media the cybercriminal gang targeted the IT firm Dacoll.
According to the media, the cybercriminals compromised the systems at the company, which has access to the police national computer, using a phishing attack.
The security breach was disclosed on Sunday by The Mail, while the group is releasing the stolen data on its leak site on the dark web.
The security breach took place in October, Clop ransomware operators gained access to data managed by Dacoll, including that of the PNC, holding the personal information and records of 13 million people.
Dacoll confirmed the data breach.
“We can confirm we were the victims of a cyber incident on October 5.” said a Dacoll spokesman. “We can confirm we were the victims of a cyber incident on October 5. “We were able to quickly return to our normal operational levels. The incident was limited to an internal network not linked to any of our clients’ networks or services.”
Stolen files include images of motorists exfiltrated from the national Automatic Number Plate Recognition (ANPR) system, footage, and close-up images of the faces of drivers who have committed traffic offenses.
“The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ – with the threat of more to follow.” reported the Daily Mail. “Clop is believed to have demanded a ransom from the company, Dacoll, after launching a ‘phishing’ attack in October that gave it access to material, including that of the PNC, holding the personal information and records of 13 million people.”
Dacoll refused to pay and did not reveal the amount of ransom demanded by the ransomware gang. The company has yet to reveal the extent of the security breach and which other information has been stolen.
The media pointed out that one of Dacoll’s subsidiaries, NDI Technologies, provides a ‘critical’ service for 90% of the UK’s police forces, giving officers remote access to the PNC.
The National Cyber Security Centre is providing support to the investigation conducted by law enforcement.
“We are aware of this incident and working with law enforcement partners to fully understand and mitigate any potential impact.” states a spokesman for National Cyber Security Centre.
Clop ransomware gang has been active since February 2019, it targeted many organizations and universities over the years. Like other ransomware gangs, Clop operators implemented a double-extortion model leaking on their leak sites the data stolen from the victims that refused to pay the ransom.
In November, six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation, named Operation Cyclone, led by Interpol.
(SecurityAffairs – hacking, UK Police)