Ragnar Locker Ransomware Accidentally Targets Belgian Police
The operators of the Ragnar Locker ransomware have published data stolen from a police department in the Antwerp province of Belgium on their leak site. The twist: the hackers believed they had compromised the municipality of the city of Zwijndrecht, but ended up breaching law enforcement by mistake.
Belgian media have already called this leak one of the largest in the country’s history, as it affected all police data from Zwijndrecht from 2006 through September 2022.
What Was Leaked?
According to Bleeping Computer, the published data includes thousands of vehicle license plates, information about fines, crime reports, personnel data, investigation reports, and much more. Unfortunately, this leak could expose the identities of people who reported crimes and jeopardize ongoing police operations and investigations.
The Zwijndrecht police stated on social media that the hackers only accessed the part of the network where administrative data was stored, and that the main victims of the attack were the police staff themselves.
Police Response and Investigation
Marc Snels, the head of the Zwijndrecht police, told local media that the data breach was caused by human error, and that all affected individuals are being notified about the incident.
“This is not a case where all data was leaked. The compromised network mainly contains personal information about our staff, such as personnel lists. But sometimes confidential information does appear in this network. These are human errors. For example, fines and photos related to child abuse were leaked. This is, of course, very unpleasant,” Snels said.
The Belgian prosecutor’s office has already opened a criminal case regarding the breach.
How Did the Attack Happen?
Bleeping Computer notes, citing Belgian journalists, that the attackers exploited a poorly secured Citrix endpoint to gain access to the police network. Investigators also found that the leaked data includes metadata from telecom service subscribers and SMS messages from people under secret police investigation. The files also contain footage from traffic cameras, revealing the locations of specific individuals at certain dates and times.