Operators of the Clop ransomware have stolen confidential data held by some of Britain's police forces during the attack on an IT firm Dacoll that handles access to the police national computer (PNC). The group has released some of the stolen files on their leak site after the company has refused to pay a ransom demand.
One of Dacoll's subsidiaries, NDI Technologies, provides a 'critical' service for 90% of the UK's police forces, giving officers remote access to the PNC.
According to the Daily Mail, at the beginning of October Dacoll suffered a phishing attack that allowed the malicious actors to gain access to its systems and confidential information that was being stored there, including that of the PNC, holding the personal information and records of 13 million people.
After the company refused to pay the ransom (Dacoll declined to reveal the amount of ransom asked), the hackers published hundreds of stolen files on their leak site. The leaked information included images of motorists, which Clop appears to have taken from the national Automatic Number Plate Recognition (ANPR) system, footage, and close-up images of the faces of drivers who have committed traffic offenses.
Dacoll’s representative has confirmed the data breach.
“We can confirm we were the victims of a cyber incident on October 5,” said a Dacoll spokesman in a statement. “We were able to quickly return to our normal operational levels. The incident was limited to an internal network not linked to any of our clients’ networks or services.”
The Clop ransomware gang has been active since February 2019. The list of their victims includes many organizations and universities, including the oil giant Shell, American bank Flagstar and the University of California. Like other ransomware gangs, Clop operators use a double-extortion scheme, which involves leaking the data stolen from the victims that refused to pay the ransom.
In November, Interpol said six members of the Clop ransomware gang were arrested in June of this year as part of a thirty-month international law enforcement operation named 'Operation Cyclone'.