NYPD Fingerprint Database Target of Ransomware, Result of Third Party Negligence (Dec 10, 2019)
According to the New York Police Department (NYPD) Deputy Commissioner for Information Technology, the NYPD LiveScan fingerprint tracking database was the target of an attempted ransomware attack. A third-party contractor inadvertently introduced the ransomware while installing video equipment, using an infected NUC Mini-PC that was plugged into the network. The ransomware was swiftly detected; although it spread to 23 endpoint devices, it was never executed. Public entities like the NYPD have been the target of large-scale ransomware attacks in 2019, likely due to the higher probability of a payout when a highly essential network is impacted.
Recommendation: The NYPD averted potential disaster by having great technical controls in place. Organizations should use endpoint protection solutions, but remember that new threats are constantly evolving to bypass these protections. Always keep important files backed up. In the case of ransomware infection, the affected system must be wiped and reformatted, and other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies, which are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.