A jail loses control of its CCTV cameras and automatic doors systems after ransomware attack. Inmates should remain completely locked down

Due to a ransomware attack, authorities at a prison in Albuquerque, New Mexico were unable to access footage recorded by their security cameras, plus the attack also affected automatic door mechanisms. Faced with this situation, the prisoners had to be permanently confined to their cell… at least until the Albuquerque security team patches these flaws.

Close sources also mention that access to visitors to the Metropolitan Detention Center was suspended. Internet connection services remain inactive and at the moment it is impossible to make any query on the prison’s platforms, mainly dedicated to showing the records of inmates.

Taylor Rahn, the county’s chief legal officer, issued a court notice related to the emergency shutdown: “One of the most troubling impacts of this cyberattack is that the correctional facility cannot access the facility’s cameras. As of the afternoon of January 5, there was no access to the cameras inside the facility.”

The prison administration continues to work to determine the extent of the attack; at the moment it has only been confirmed that the incident could have corrupted the database that stores the conduct history of the inmates. The emergency measures were implemented since the early morning of January 5.

Local authorities also had to file an emergency notice with a federal court, as the measures implemented during the failures could be taken as violations of the conditions under which U.S. prisons must operate by law. For example, an agreement dating back to 1995 states those prisoners must be guaranteed access to telephone numbers and regular visits, as long as their conduct allows it.

Apparently, this incident is part of a ransomware attack against the entire computer infrastructure of Bernalillo County, the most populous in New Mexico. Since the beginning of this year, county employees experienced problems using some local government systems, leading to the temporary closure of all public offices. There is still no estimated date for the full restoration of activities in local government agencies.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.