A US police department suffered a massive data leak, which exposed over 100 GB worth of sensitive files online. The exposed data included thousands of records relating to arrests, crime scene and incident reports. The Warren County Sheriff's Department was also reportedly the victim of a separate ransomware attack in mid-2016.
The data breach was uncovered by MacKeeper security researchers, who discovered it during their "weekly security audits using Shodan API". MacKeeper researcher Bob Diachenko told IBTimes UK in an email that during the audit, researchers "identified an unprotected NAS (Network Attached Storage) device that was publicly streaming data and anyone with an internet connection could have viewed and possibly even downloaded it".
He added: "My understanding is that this NAS device was put by mistake in front of a firewall for a long time already so it became a target for a yet unidentified ransomware group that encrypted part of the information on the drive."
The MacKeeper researchers also discovered that the leaked data included audio recordings of confidential informants (CI), victims, and witnesses as well as recordings of arrests, search warrants, interrogations, and officers calling citizens to give updates on crimes or cases.
The researchers said: "These recordings could not only jeopardise ongoing investigations but also pose a threat to witnesses and informants. Researchers heard audio recordings involving child molestation allegations, weapons, and drug charges."
However, what most concerned the MacKeeper researchers was the ransomware attack and the instructions likely provided by the cybercriminals behind the attack. According to a screenshot of the ransom note shared by Diachenko with IBTimes UK, the cybercriminals warned the department that decryption was only possible with the private key and decryption program held in their "secret server".
The note read: "Alas, if you do not take necessary measures for [sic] the specified time, then the conditions for obtaining the private key will be changed. If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist."
The MacKeeper researchers say they are still uncertain whether the department paid any ransom to the cybercriminals. The department's IT administrator told the researchers that the attack occurred in mid-2016 and was subsequently "taken care of".
However, the attack suggests that "the citizens of Warren County had their data compromised by cybercriminals who could use the information for fraud or extortion", the researchers pointed out.
"Interestingly, the same ransomware instructions were found in several other companies' backups which appeared to be unprotected from external access, including one of the biggest investment firms in Great Britain," Diachenko added.
It remains unclear whether the ransomware attack and the subsequent data leak that affected the department are in any way connected. It is also uncertain how long the data remained exposed online before the researchers discovered it. The MacKeeper researchers notified Warren County about the breach in mid-January and it was secured in February, The Daily Dot reported.