A ransomware attack affected 70 percent of the public surveillance cameras employed by Washington D.C. police just days before Donald Trump’s inauguration.
According to The Washington Post, city police found that four of their camera sites weren’t functioning properly on 12 January.
Technology officers had a look and found that two separate ransomware variants had affected the network video recorders at those sites, with as many as four closed-circuit television (CCTV) cameras connected to each recorder. This prompted an investigation for similar infections across the city.
Overall, officials found 123 of 187 network video recorders had fallen victim to the two ransomware strains. Those infections left all affected CCTV cameras unable to record public surveillance footage between 12 January and 15 January – just about a week before Donald Trump’s inauguration as the 45th President of the United States.
Fortunately, that was the main extent of the attack. Archana Vemulapalli, Washington D.C.’s Chief Technology Officer, told The Washington Post that the design of the city’s public CCTV system prevented the ransomware from leaping onto another network:
“There was no access from these devices into our environment.”
The system likely sits inside of its own network. This means the ransomware attack never for a second jeopardized the city’s public safety. The incident overall caused “no significant impact.”
Also, while computer criminals were no doubt hoping for a payday, Vemulapalli and her staff denied them the satisfaction by simply removing the affected cameras’ software and reinstalling it.
At this time, an investigation into the attack is ongoing.
Good, because some important questions remain.
As of this writing, it’s unclear who perpetrated the attack or how they infected the network video recorders. It’s possible the cameras were running outdated software or came with factory default credentials, allowing an attacker to find them online via Shodan and infect them with ransomware.
This method of attack wouldn’t be altogether surprising. It’s what happened with Mirai in 2016, so no doubt other actors are now intent on targeting vulnerable Internet of Things (IoT) devices.
Given the threat of a ransomware attack, it’s important that sysadmins update any and all IoT devices’ software whenever upgrades become available. That’s not all that often with most products, and some of these IoT products aren’t designed securely to begin with.
With that in mind, administrators should follow the example of the Washington D.C. police force and keep vulnerable IoT devices isolated, such as on a separate network.
No one ever wants to become a victim of ransomware, but should it ever happen to you, here’s a guide to what you should do to regain access to your affected files.