Tag Archive for: hits

Cyber Attack Hits NJ Police Department – NBC New York


The Camden County Police Department experienced a ransomware attack that has been locking many criminal investigative files and day-to-day internal administration abilities, several law enforcement officials said. 

Investigators said the attack started in the middle of March and technicians continue working to try to get all systems back up and running.

A police spokesman confirmed the cyber intrusion but stressed the ransomware attack did not impact 911 call systems or other public safety responses.

CCPD spokesman Dan Keashen said the malware first hit the department about three weeks ago. 

“The agency is operational and did not experience any disruption or outages in its public safety response services to the Camden City Community,” Keashen said.

The FBI, NJ State Homeland Security’s office and the New Jersey attorney general’s office were all notified of the incident and are assisting in the investigation, several officials said.

Sources familiar with the matter said the hackers were demanding hundreds of thousands of dollars to unlock the files as a result of the malware. Keashen declined to comment on what group might be behind the incident or how much money was being demanded.

Sources briefed on the matter said electronic police files were among those locked and inaccessible — delaying some investigations. One official said about 80-85 percent of the files have now been reopened. Keashen said the department “is working with information technology and law enforcement professionals to ensure there is no remaining threat in our network.”


One law enforcement source said investigators were looking into whether the incident began after a police department employee opened a personal email that contained malware on a police department device.

Two sources said the Camden County Prosecutor’s office has also been hit by a hacking incident impacting some files. It is unclear how significant of a cyberattack the office suffered in the last couple of…


New Rorschach ransomware hits with unique features and very fast encryption


Researchers warn of a new strain of ransomware dubbed Rorschach that doesn’t appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far.

“A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when executed on a domain controller (DC) while it clears the event logs of the affected machines,” researchers from security firm Check Point said in a new report. “In addition, it’s extremely flexible, operating not only based on a built-in configuration but also on numerous optional arguments which allow it to change its behavior according to the operator’s needs.”

The Check Point researchers came across the ransomware strain while responding to a security incident at a US-based company. Later they realized that researchers from South Korean security firm AhnLab had previously documented a variant in February, but attributed it to the known DarkSide ransomware operation. Check Point believes this is incorrect and the confusion might be because there were similarities in the ransom notes dropped by the two threats, but not in every case. In other incidents, Rorschach dropped a ransom note similar to one used by another ransomware program, Yanluowang.

The variety in behavior exhibited by this ransomware program, which seems to have borrowed techniques and code from various other ransomware threats, led to the Check Point researchers naming it Rorschach after the popular psychological test where subjects can have different perceptions of the same inkblots shown to them.

Rorschach features DLL side-loading

In the incident investigated by Check Point, Rorschach was executed by exploiting a DLL side-loading vulnerability in a component of Palo Alto Networks' Cortex XDR, a commercial security product. Specifically, the attackers dropped a copy of the Cortex XDR Dump Service Tool version 7.3.0.16740 together with a file named winutils.dll that serves as a loader for the ransomware.

DLL side-loading is a technique in which attackers plant a malicious DLL library with a particular name…


Oakland ransomware attack hits non-emergency police operations


The ransomware attack on the City of Oakland will move into its second week Wednesday with no solution in sight.

The Oakland Police Department headquarters was especially hard hit on Tuesday as the hack brought some operations to a near halt.

People lined up in the lobby area of the headquarters to file reports and the clerks were forced to do everything by hand.


Clerks typically file reports electronically, but their computers were not working because of the attack. 

Any payment made on Tuesday had to be done in cash; clerks couldn’t process credit cards or checks.

Those who waited in line at police department headquarters declined to be interviewed.

But over Zoom, Shannotta Norwood told KTVU it took her two visits, over the course of two days, to file a simple report for a stolen car.

“I do understand it’s a non-emergency report. However, I felt that there was absolutely no urgency from the dispatcher on the non-emergency number down to the officer at the station,” said Norwood.

Oakland Mayor Sheng Thao apologized for the delay. 

“I understand the frustration, you know when we conduct business at City Hall, that some of the resources are not there. But we want to say bear with us,” Thao said.


The Oakland Police Department on Tuesday released a statement advising the public of the possible delays.

“For non-emergency crimes, we encourage residents to file an online police report. In the meantime, the public should expect delays,” the statement read.

An Oakland city employee told KTVU that city workers are worried about getting paid on time. 

The employee said workers have to turn their timecards in on Wednesday. They were told that the payroll system has been affected by the attack, and they do not know if they will get paid on time.


Ransomware attack hits Oakland


Oakland was the victim of a ransomware attack that began Wednesday night, police and city officials said Friday. 

The city’s information technology department is working with law enforcement to determine the scope and severity of the attack. 

A ransomware attack occurs when someone encrypts files and demands ransom to decrypt them. The encryption makes the files and the systems that rely on them unusable, according to the U.S. Cybersecurity and Infrastructure Security Agency. 

City officials did not release the amount of ransom the attackers are asking for. 

The attack did not affect residents’ ability to call 911. Nor did it affect the city’s financial data or fire resources. The public also can still file crime reports on the city’s website.

City officials are developing a plan to respond to the attack. 
