The New York Police Department had to take its fingerprint system offline when ransomware infected the system.
It’s no secret that public institutions are among the most common targets of cyber attacks, especially hackers looking for a big ransom payoff. Last weekend, a contractor installing a digital display at NYPD could have unknowingly brought down the whole fingerprint database. At one point during the installation, the contractor connected a mini-PC to the police network, introducing a type of ransomware.
Questioning revealed that the ordeal wasn’t a planned attack, just an unfortunate mishap. The contractor wasn’t charged even though the ransomware in question infected 23 machines before it was shut down. The ransomware had spread to the LiveScan fingerprint system by then, but not the fingerprint database. Although the malware was present, it didn’t execute.
The story continued the next day. Two hundred computers connected to the LiveScan network had to have their software reinstalled. Dozens of hours of human labor were wasted on sanitizing and fixing PCs across the city. The cost was significant, but a major catastrophe was averted. It could have cost the city millions to recover from a widespread attack.
The main factor was human error. Whether it’s clicking a link, downloading a file, or plugging in an infected device to a police network, it takes just one mistake for a computer network to become compromised. Policies that forbid employees from connecting devices and removable media to company computers are often not enough. If employees aren’t introduced to the risks of these actions, no firewall or antivirus can protect a system from small, catastrophic mistakes.