29 November 2022

Ragnar Locker ransomware gang mistakenly attacks Belgium police


Threat actors behind the Ragnar Locker ransomware operation have published what they thought was data stolen from the municipality of Zwijndrecht, but the data actually belonged to Zwijndrecht police, a police department in Antwerp, Belgium.

The leaked data reportedly contained thousands of car number plates, fines, crime report files, personnel details, investigation reports, and other information. According to local media, which call the leak one of the biggest in the country’s public service history, the incident exposed all data kept by Zwijndrecht police from 2006 until September 2022.

Zwijndrecht police has confirmed the incident, but said that the threat actors only accessed a part of the network that held administrative data, affecting mainly employees’ information. According to Marc Snels, chief of police at Zwijndrecht, the data leak was the result of human error, and all affected individuals are being informed about the incident.

According to Belgian journalist Kenneth Dée, the attackers allegedly gained access to the police network through a vulnerable Citrix endpoint. Dée's investigation of the data revealed telecom service subscriber metadata and SMS messages of people under covert police investigation, as well as footage from traffic cameras, exposing the whereabouts of individuals at specific dates and times.

“This is the largest law-enforcement leak in the history of Belgium and probably the most impactful leak we have ever seen in our country,” Dée told tech news outlet Bleeping Computer.

“It should be a wakeup call for local police and the way they handle citizens' data, and hopefully, it will set things in motion towards changes on that front.”
