Pierluigi Paganini January 30, 2017

A Ransomware attack compromised 70% of Washington DC CCTV ahead of inauguration of President Trump, technical staff wiped and rebooted the devices.

A ransomware infected 70 percent of storage devices used by the Washington DC CCTV systems just eight days before the inauguration of President Donald Trump.

The attack occurred between 12 and 15 January, the ransomware infected 123 of 187 network video recorders, each controlling up to four CCTVs. IT staff was forced to wipe the infected systems in order to restore the situation, fortunately, the ransomware did not affect other components of the Washington DC network.

“City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday.” states the Washington Post.

“Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized. Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site.

An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks.”

The first infections were discovered by the Police on Jan. 12 D.C. when the authorities noticed four camera sites were not functioning properly. Experts at the city technology office detected two distinct ransomware in four recording devices, then they extended the analysis to the entire surveillance network and wiped all the infected equipment.

“There was no access from these devices into our environment,” Vemulapalli said.

Interim Police Chief Peter Newsham confirmed that the incident was contained in about 48 hours and there was “no significant impact” overall.

There are some points still no clear:

• Did the local police receive a ransom request? For sure they did not pay it.
• It is no clear if valuable data was lost in the attack or if the police were able to decrypt information for free, for example by using tools like the No More Ransom.
• Who is behind the attack? Cyber criminals that acted to extort money or hacktivist that tried to shut down the CCTV cameras to avoid being recorded during the street protests.

City officials declined to comment.

Pierluigi Paganini

(Security Affairs – Washington DC CCTV, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]