Ragnar Locker ransomware hackers attacked a police station in Antwerp, Belgium and stole crime report files, investigation reports, and personal information of police agents. Then, the threat actors demanded ransom from the Belgian police.
According to reports, the hackers at first targeted the offices of the municipality of Zwijndrecht before attacking Zwijndrecht police.
Ragnar Locker ransomware group claimed responsibility for the attack before leaking samples of the stolen police data on their blog on the dark web.
Belgian journalist Kenneth Dée first reported the attack, and said that the threat actors most likely accessed the Zwijndrecht police network by exploiting a poorly protected Citrix endpoint.
Local media reported that the hack exposed 18 years of data collected by Zwijndrecht police from 2006 to September 2022.These include investigation reports, fines, crime files (including images of child abuse), and files belonging to police agents (like party photos).
“For the sake of clarity, it is specifically about the information on the administrative network,” chief of Zwijndrecht police Marc Snels told local news station VRT. “It is not the case that all data has been leaked. That network mainly contains personal information of our staff, such as staff lists and photos of staff parties.”
“But it is true that there is sometimes sensitive information on that network, even though we always try to put it only on the professional network,” Snels added in his Google-translated statement. “Those are human errors. For example, fines and PVs have also been leaked. Also, photos of child abuse. That is very painful, of course.”
In an exchange with reporters, Dée said that the leak also contains footage from traffic cameras, and added that “this is the largest law-enforcement leak in the history of Belgium and probably the most impactful leak we have ever seen in our country.”
Snels confirmed to reporters that the Ragnar threat actors asked for a ransom, but the police refused to give in to their demands.