The CCTV cameras that police in D.C. use to monitor public areas were shuttered for three days – a week before the presidential inauguration – when a cyberattack hit the system's network of recorders, according to a report in the Washington Post.
A ransomware attack forced the city's security team to take the system offline while it mitigated the intrusion and reinstalled the system throughout the area.
Around 70 percent of the storage devices used by the D.C. network were infected, city authorities announced on Jan. 27. Nearly 125 of the total of 187 network video recorders used in the district's closed-circuit TV system were hit.
The ransom demand was not paid, Archana Vemulapalli, D.C.'s chief technology officer, said. Rather, the city detached the devices, removed software and rebooted the system at each site, the Post reported.
The incident is still being investigated. It was reported that the attack was localized to the CCTV system and did not extend further.
A number of security experts are agreeing that refusing to pay ransom demands is the way to go. “The less ransom that's paid, the less profitable ransomware will be for the criminals involved," Tim Erlin, senior director of IT security and risk strategy at Tripwire, told SC Media on Monday. "By now, it should be well understood that having functioning backups and a clear, efficient restore process are the best defenses against ransomware."
Erlin added that if a targeted organization finds itself in a position where it has to pay a ransom, it simply was unprepared for the reality of connected computing today. "Security doesn't just happen; it has to be designed into the system. As we connect more and more devices to the internet, we can expect attacks like ransomware to expand their footprint."
Embedded and purpose-built devices are often built with less consideration for unexpected inputs, and can be more vulnerable to attacks, Erlin said.