29 November 2022

Ragnar Locker ransomware gang mistakenly attacks Belgium police


Threat actors behind the Ragnar Locker ransomware operation have published what they thought was data stolen from the municipality of Zwijndrecht, but the data actually belonged to Zwijndrecht police, a police department in Antwerp, Belgium.

The leaked data reportedly contained thousands of car number plates, fines, crime report files, personnel details, investigation reports, and other information. According to local media that call the leak one of the biggest in the country’s public service history, the incident exposed all data kept by Zwijndrecht police from 2006 until September 2022.

Zwijndrecht police has confirmed the incident, but said that the threat actors only accessed a part of the network that held administrative data, affecting mainly employees’ information. According to Marc Snels, chief of police at Zwijndrecht, the data leak was a result of a human error, and all affected individuals are being informed about the incident.

According to Belgian journalist Kenneth Dée, the attackers allegedly gained access to the police network through a vulnerable Citrix endpoint. Dée's investigation of the data revealed telecom service subscriber metadata and SMS messages of people under covert police investigation, as well as footage from traffic cameras, exposing the whereabouts of individuals at specific dates and times.

“This is the largest law-enforcement leak in the history of Belgium and probably the most impactful leak we have ever seen in our country,” Dée told tech news outlet Bleeping Computer.

“It should be a wakeup call for local police and the way they handle citizens' data, and hopefully, it will set things in motion towards changes on that front.”

