Ransomware attackers have threatened to release sensitive data on police informants if they are not contacted within three days.

Washington DC’s Metropolitan Police Department has reportedly had its network breached in a targeted attack, which has been claimed by the ransomware group named Babuk.

The attackers posted a ransom note which claims that they had stolen more than 250 GB of data and threatening to publish the material if they are not paid. The FBI is reportedly investigating.

The NCSC encourages organisations to follow our guidance on mitigating the effect of malware and ransomware and protecting bulk personal data. The NCSC has also published guidance for the public on how to protect themselves from the impact of data breaches in the event personal data is involved.


Hedge funds warned of complex scams

recent report detailed how fraudsters are investing significant amounts of time and effort into elaborate scams targeting hedge funds.

According to a BCG report, financial services firms are 300 times more likely than other companies to be targeted by a cyber attack.

Smaller financial services firms often don’t massively invest in cyber security – making them the ideal target for scammers.

In one example, a scammer communicated with a London based private investor for months mimicking the victim’s business associate. The scammer did this convincingly by hacking into the associate’s emails and copying their conversational style.

The victim only spotted the scam after calling the real trustee who was being impersonated. It became clear to the victim that they had not been emailing who they thought they had been.

The scam was reported to the Metropolitan Police. An address where the scammer asked for documents to be sent was known to the police for past criminal activity.

The NCSC’s guidance on Dealing with suspicious emails, phone calls and text messages explains how scams can be spotted and what people should do if they fall victim.

The NCSC has also published more detailed guidance on defending organisations against phishing attacks.