Ransomware Gang Publishes Confidential Police Data on the Dark Web

The Clop ransomware gang has published confidential data held by UK police on the dark web, according to reports over the weekend.

The Mail on Sunday reported that the notorious cybercrime group accessed the information following a successful phishing attack on IT services provider Dacoll in October 2021. This provided Clop with access to vast amounts of material, including data held on the police national computer (PNC), which Dacoll manages.

According to the Mail on Sunday, the attackers uploaded hundreds of files on the dark web after Dacoll refused to pay a ransom demand. Among the PNC files uploaded were close-up images of motorists taken from the UK’s National Automatic Number Plate Recognition (ANPR) system.

It is currently unclear whether Clop holds other information held by the UK Police that it could release in the future.

The report quoted a spokesman for the National Cyber Security Centre (NCSC), who stated: “We are aware of this incident and working with law enforcement partners to fully understand and mitigate any potential impact.”

Breaches of data held by law enforcement agencies are especially concerning, given their highly confidential nature, the potential to disrupt criminal investigations and even fears serious risks will be posed to victims and witnesses of crime should the information fall into the wrong hands. Earlier this year, an FoI request revealed there were more than 2300 data breach incidents reported by just 22 UK police forces in 2020.

Commenting on the story, Jake Moore, cybersecurity specialist at ESET, said: “You may be mistaken for thinking that sensitive data held by police is under very strong protection, but the truth is that even this level of security can still very easily be breached. The level of cybersecurity protection on offer remains as strong as the weakest link, which is often swung by the human factor. The release of personal information amplifies the attackers’ demands and highlights their anger at not having their demands listened to.  

“Like many persistent campaigns, Clop is very sophisticated and determined in their ways, making it very difficult to mitigate against. When very targeted attacks persist, it is very onerous to withstand, and therefore relying on current measures with a touch of good fortune is often the only answer. The release of this data could have very dangerous consequences for those affected and they should ideally be made aware to reduce any follow-on impact.”

The Clop group is believed to be responsible for a number of major ransomware attacks in recent years, including on oil giant ShellSwire Pacific Offshore and the University of California. In November, Interpol revealed it is still on the hunt for two suspected members of the Clop ransomware gang after making multiple arrests in the summer following a 30-month operation.

What’s Hot on Infosecurity Magazine?