How Ransomware Impacts Law Enforcement
July 2023 by Zac Amos, Hackernoon
Ransomware gangs aren’t just evading the police but targeting them. Ransomware risks for law enforcement include sensitive data exposure, disrupted emergency services, and financial losses. Yet police departments don’t often have strong cybersecurity measures; they must implement phishing training, AI monitoring solutions, and extensive backup systems to remain secure.
Ransomware is one of the biggest cybersecurity threats facing the world today, and it affects more than just businesses. Many of these attacks target police departments, highlighting the need for better cybersecurity in law enforcement.
As cybercrime has grown, law enforcement agencies — from local police departments to the FBI — have prioritized cracking down on online criminals. However, many of these agencies are now in a different position in this dynamic. Ransomware gangs aren’t just evading the police but targeting them.
The State of Police Ransomware Attacks
Ransomware has risen across the board in the past few years, and attacks against law enforcement agencies are no different. In 2021, the Washington, D.C., Metropolitan Police made headlines for falling victim to a ransomware attack demanding $4 million. Attackers leaked hundreds of sensitive internal documents online after the department refused to pay the ransom.
That same year, cybercriminals demanded a $450,000 ransom from the Dade City, Florida, police department. It refused, and the attackers leaked crime scene photos in revenge. At least nine other law enforcement agencies faced ransomware attacks from 2020 through mid-2021.
Ransomware risks continue to threaten law enforcement agencies today. In February 2023, the U.S. Marshals fell victim to a ransomware attack affecting sensitive information about ongoing investigations and agency employees. The same month, the FBI had to contain malicious activity on its network. Had the agency not acted as quickly as it did, that activity could’ve led to a similar incident.
Ransomware Risks for Law Enforcement
Ransomware is damaging in any context, but attacks on police are particularly pressing. Law enforcement agencies face all the same dangers as a business when these incidents occur, plus an additional layer of urgency, given the nature of their work.
Sensitive Data Exposure
One of the biggest reasons why ransomware gangs like to target law enforcement is that these agencies hold highly sensitive data. In addition to holding personally identifiable information (PII) on many citizens, police departments have electronic evidence, protected witnesses’ identities, and data on secret operations.
Exposing this data could put people in danger, undermine trust in authorities, or hinder ongoing investigations. Even if things don’t reach those extremes, leakage can still have serious consequences. In the Washington, D.C., case, the leaked information included the cellphone numbers and addresses of two dozen officers, which other cybercriminals can use for phishing or identity theft.
Agencies like the FBI hold even more sensitive information. In these cases, ransomware attacks could become a matter of national security, as attackers could pass data on government cybersecurity systems or the identities of undercover agents to other criminals.
Disrupted Emergency Services
Ransomware attacks against police departments and their partner organizations could also stop people from getting needed help. An agency that loses access to mission-critical systems or files may be unable to contact parties or perform services, leaving the citizens they protect vulnerable.
A 2018 ransomware attack led to a 17-hour shutdown of the city’s automated emergency dispatching system. 911 dispatchers could still contact police, fire, and health services but had to rely on slower, manual methods as the ransomware took the electronic system offline. Emergency services were able to recover before long, but the incident highlights the destructive potential of these attacks.
A larger, more effective ransomware attack could take emergency services offline for hours or even days. Even though backup systems would still work, police officers may be unable to respond as quickly as normal. In some situations, those delays could be a matter of life or death.
Financial Losses
Just like businesses, police forces face financial ransomware risks, too. These attacks have cost more than $1 billion over the past ten years, and they’re only growing costlier. Those expenses have far-reaching implications when they affect public agencies like law enforcement.
Police departments are tax-funded, so their recovery costs fall on the taxpayers. Monetary losses in these agencies translate into shortfalls for the public they serve. They may also make it harder for agencies to remain within their annual budgets, leading to a higher economic burden on taxpayers or cuts to programs that could help the public.
A police department that must shrink its budget to recuperate from ransomware losses may put off new tech purchases that could make emergency systems more accessible to citizens. Alternatively, the shortfall could come at the expense of programs to boost response efficiency or public safety.
How Cybersecurity in Law Enforcement Can Improve
Given the high risks of police ransomware, cybersecurity in law enforcement agencies must improve. Here are a few ways police departments can bolster their cybersecurity to prevent and mitigate ransomware attacks.
Spotting phishing attempts is crucial in avoiding ransomware, as most attacks start this way. Law enforcement agencies should train all employees on common signs of phishing so they don’t fall for these scams. All workers should also know best practices like never clicking on unsolicited links and not sending sensitive information over email.
Considering how sensitive police data is, agencies must also implement advanced monitoring solutions. Artificial intelligence (AI) can continuously monitor networks for suspicious activity to isolate potential threats quickly and accurately. This continuous monitoring should include user and entity behavior analytics (UEBA) and work alongside zero-trust network architecture.
Law enforcement cybersecurity must also include extensive backup systems. That includes keeping offline, air-gapped copies of all sensitive information and having a formal plan for responding to emergencies. These procedures should be detailed, include communications protocols, and cover several backup strategies for multiple scenarios. Police departments should rehearse them regularly to ensure everyone knows how to respond.
Law Enforcement Agencies Need Better Cybersecurity
Ransomware risks are running high across all industries, and government agencies are no exception. Criminals target police departments with increasing frequency and severity, and law enforcement officials must take the time to improve their cybersecurity. Failure to do so could put the public at risk.
Police ransomware protection is a complex but achievable goal. Departments that stay on top of cybercrime trends and keep up with advancing security technology can keep their employees and jurisdictions safe.