With their latest shenanigans, cryptovirological operators have managed to disturb Salisbury, a peaceful cathedral city in Wiltshire, England, by targeting its Police Department. The administration learned of an anomaly in the department’s digital systems when some officers couldn’t access their email and filed complaints with the city’s Information Services. After the initial shock and surprise, the Information Services experts declared that the city’s Police Department had been hit by a ransomware attack.
As soon as the experts understood the nature of the cyber attack, they employed ransomware removal and containment measures. First of all, they isolated the infected workstations from the rest of the system to prevent the cryptovirological infection from spreading.
The Administration Tried to Engage With the Attackers
Ransomware removal experts strongly advise against entering into negotiations with the perpetrators of an attack to get the decrypter. The Salisbury city administration initially tried to engage with the attackers, who were asking for an undisclosed amount of ransom in exchange for the decryption key. However, the negotiations immediately fell through, and the administration commenced its ransomware removal activity.
This Is the Biggest Cyber Attack Faced by the SPD
In the last five years, the Salisbury Police Department (SPD) experienced three cyber attacks, but all of them were tackled before they could infect the network. On January 9, the cybersecurity measures employed by the department couldn’t stop the cryptovirological virus. Experts strongly believe that the ransomware attackers were able to infiltrate the system through a malicious email.
Backups Saved the Day
One can’t stress enough the importance of data backups for neutralizing cryptovirological attacks. SPD succeeded in recovering from the attack because all its critical data, like system files and criminal records, was backed up on a regular basis.
In the attack, the email network, record management system and network servers took the hit. As a precautionary measure, the department immediately disconnected its network connections to state and national databases. According to cybersecurity experts, there is no evidence that the attackers have stolen or downloaded any of the affected files.
The Inevitable Reality of Downtime
Even though SPD was maintaining data backups, it still had to incur a five-day downtime. The major digital operations of the department were up and running from January 11, and the entire restoration was completed on January 14. This inevitability of downtime shows that taking up ransomware removal measures is crucial in the wake of any cryptovirological attack, whether there are data backups or not.
SPD, along with many other ransomware victim entities, is working with the FBI to track down the attackers. It is important to mention here that the department hasn’t shared any details regarding which cryptovirological strain was used in the attack.