Ransomware Incidents (1267A/21)

30 September 2021 | Other

Request

In the past three years has your organisation:
1. Had any ransomware incidents? (An incident where an attacker attempted to, or successfully, encrypted a computing device within your organisation with the aim of extorting a payment or action in order to decrypt the device? )
  1. If yes, how many?
2. Had any data rendered permanently inaccessible by a ransomware incident (i.e. some data was not able to be restored from back up.)
3. Had any data rendered permanently inaccessible by a systems or equipment failure (i.e. some data was not able to be restored from back up.)
4. Paid a ransom due to a ransomware incident / to obtain a decryption key or tool?
  1. If yes was the decryption successful, with all files recovered?
5. Used a free decryption key or tool (e.g. from https://www.nomoreransom.org/)?
  1. If yes was the decryption successful, with all files recovered?
6. Had a formal policy on ransomware payment?
  1. If yes please provide, or link, to all versions relevant to the 3 year period.
7. Held meetings where policy on paying ransomware was discussed?
8. Paid consultancy fees for malware, ransomware, or system intrusion investigation
  1. If yes at what cost in each year?
9. Used existing support contracts for malware, ransomware, or system intrusion investigation?
10. Requested central government support for malware, ransomware, or system intrusion investigation?
11. Paid for data recovery services?
  1. If yes at what cost in each year?
12. Used existing contracts for data recovery services?
13. Replaced IT infrastructure such as servers that have been compromised by malware?
  1. If yes at what cost in each year?
14. Replaced IT endpoints such as PCs, Laptops, Mobile devices that have been compromised by malware?
  1. If yes at what cost in each year?
15. Lost data due to portable electronic devices being mislaid, lost or destroyed?
  1. If yes how many incidents in each year?

Does your organisation use a cloud based office suite system such as Google Workspace (Formerly G Suite) or Microsoft’s Office 365?
1. If yes is this system’s data independently backed up, separately from that platform’s own tools?

Is an offsite data back-up a system in place for the following? (Offsite backup is the replication of the data to a server which is separated geographically from the system’s normal operating location site.)
1. Mobile devices such as phones and tablet computers
2. Desktop and laptop computers
3. Virtual desktops
4. Servers on premise
5. Co-located or hosted servers
6. Cloud hosted servers
7. Virtual machines
8. Data in SaaS applications
9. ERP / finance system
10. We do not use any offsite back-up systems

Are the services in question 3 backed up by a single system or are multiple systems used?

Do you have a cloud migration strategy? If so is there specific budget allocated to this?

How many Software as a Services (SaaS) applications are in place within your organisation?
1. How many have been adopted since January 2020?

Response

Questions

Q1 b, c, d, di, e, ei, h, hi, I, j, k, ki, l,m, n

Q2a

Q3 a – j

West Midlands Police will neither confirm nor deny that we hold any of the requested information by virtue of the following exemptions:

Section 24(2) – National security

Section 31(3) – Law enforcement

These exemptions and explanatory notes are shown here:

https://www.app.college.police.uk/app-content/information-management/freedom-of-information/#freedom-of-information-exemptions

In line with the above, I am required to complete a Prejudice Test/Public Interest Test (PIT) on disclosure. Please find this PIT attached (1038A_21_PIT.pdf).

No inference can be taken from this refusal that the information you have requested does or does not exist.

Q1:In the past three years has your organisation:

a: Had any ransomware incidents? (An incident where an attacker attempted to, or successfully, encrypted a computing device within your organisation with the aim of extorting a payment or action in order to decrypt the device? ) If yes, how many?

Q1 f, fi: In the past three years has your organisation:

Had a formal policy on ransomware payment?

If yes please provide, or link, to all versions relevant to the 3 year period.

Q1 g: In the past three years has your organisation:

Held meetings where policy on paying ransomware was discussed?

Q1 o: In the past three years has your organisation:

Lost data due to portable electronic devices being mislaid, lost or destroyed?

If yes how many incidents in each year?

Q2: Does your organisation use a cloud based office suite system such as Google Workspace (Formerly G Suite) or Microsoft’s Office 365?

West Midlands Police are in the early project stages of piloting M365 in alignment with the National agreed police designs on M365 deployment

Q5: Do you have a cloud migration strategy? If so is there specific budget allocated to this?

Yes, West Midlands Police is a “Cloud Considered” principal for migration and new projects/programmes. We adopt cloud services where it provides value for money against the objectives being achieved.

Q6: How many Software as a Services (SaaS) applications are in place within your organisation?

Currently West Midlands Police support access to 26 Cloud native services (SaaS)

How many have been adopted since January 2020?

Every effort is made to ensure that the figures presented are accurate and complete. However, it is important to note that these data have been extracted from a number of data sources used by forces for police purposes. The detail collected to respond specifically to your request is subject to the inaccuracies inherent in any large scale recording system. As a consequence, care should be taken to ensure data collection processes and their inevitable limitations are taken into account when interpreting those data.

The figures provided therefore are our best interpretation of relevance of data to your request, but you should be aware that the collation of figures for ad hoc requests may have limitations and this should be taken into account when those data are used.

If you decide to write an article / use the enclosed data we would ask you to take into consideration the factors highlighted in this document so as to not mislead members of the public or official bodies, or misrepresent the relevance of the whole or any part of this disclosed material.

Attachments

1267A PIT

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This helps us see how many people visit our site by tracking if you’ve visited before and which pages you have looked at.
_gat	10 minutes	This measures the amount of data sent around people’s demographic data to Google, so that Google’s servers can still work.
_gid	24 hours	This helps us see how many people visit our site by tracking if you’ve visited our site before.

Ransomware Incidents (1267A/21)

Request

Response

Attachments

Search published FOIs

Recently published

Categories