Ransomware puts New Mexico prison in lockdown • The Register

Ransomware puts New Mexico prison in lockdown: Cameras, doors go offline
Bernalillo County's Metropolitan Detention Center still recovering from infection
Thomas Claburn in San Francisco Wed 12 Jan 2022 // 22:03 UTC
22 comment bubble on white

Bernalillo County, New Mexico, has been unable to comply with the settlement terms of a 27-year-old lawsuit over prison conditions because of a ransomware attack last week that saw prisoners back under manual control.

County officials on January 6, 2022, filed a notice [PDF] with the New Mexico District Court overseeing the settlement invoking an emergency provision in the settlement terms to temporarily suspend their obligations.

Commissioners told the court that all of Bernalillo County, which covers the US state of New Mexico's largest city Albuquerque, had been affected by a January 5, 2022, ransomware attack, including the Metropolitan Detention Center (MDC) that houses some of the state's incarcerated.

To resolve a complaint over prison overcrowding and other alleged rights violations dating back to 1995, the MDC and aggrieved inmates have agreed to settlement terms that call for the MDC to take corrective action that improve prison conditions.


But the ransomware attack last week has interfered with the MDC's ability to do so, and the prison's systems have yet to be fully restored. Over the phone, a spokesperson for the facility told The Register on Wednesday that services are still being repaired.

The attack took automatic security doors offline on January 5th, requiring officials to open doors manually with keys until that particular function could be revived.

Police National Computer not pwned by Clop ransomware crims, insists Home Office
Irish Health Service ransomware attack happened after one staffer opened malware-ridden email
Ransomwared payroll provider leaks data on 38,000 Australian government workers
Canadian charged with running ransomware attack on US state of Alaska
Officials said in their filing that County-operated databases, servers, and internet service had been compromised. At MDC, this has meant limited access to email and no access to County wireless internet. This is particularly problematic, the officials say, because the MDC's structure and location interferes with cellular service.

"One of the most concerning impacts of the cyber attack is that MDC is unable to access facility cameras," they explained. "As of the evening of January 5th, there was no access to cameras within the facility."

MDC instituted a temporary lockdown in response to the situation. Court-related video conferences are also not happening.

Several County databases at MDC are also believed to have been corrupted by the attack.

"The Incident Tracking System (ITS), the database in which MDC creates and houses all incident reports, including inmate fights, use of force, allegations of violations of the Prison Rape Elimination Act, is not currently available as it is suspected to be corrupted by the attack," the filing states.

"Further, the Offender Management System (OMS) which MDC uses to store and access information about inmates including inmate account data is likewise unavailable at the present."

Medical systems outage adds to woes
A spokesperson for Bernalillo County did not immediately respond to a request to elaborate on recovery efforts but an Albuquerque Journal report has suggested that technicians hoped to get MDC camera systems working over the recent weekend.

The plaintiffs in the case have taken the opportunity to submit the statement [PDF] of a registered nurse who announced that she was quitting her job at MDC because of concerns about conditions there. The nurse, Taileigh Sanchez, describes dire staff shortages at MDC and problems with a new electronic medical records system, issues that have been made worse by the ransomware attack.

The attack denied access to current medical records, she said, which may have prevented some inmates from getting their medications.

Sanchez said she told supervisors about her concerns – which date back before the ransomware hit – but faced retaliation. "Even though I like my job, and have even been here 11 years, I will be resigning my full-time position effective immediately due to the safety concerns I have for our clientele and our staff," she said in her declaration.

The number of reported ransomware attacks actually decreased from 2020 to 2021, according to security firm Sophos [PDF]. Thirty-seven per cent of organizations responding to the firm's survey admitted being affected by ransomware in 2021, compared to 54 per cent in 2020. However, the average remediation cost more than doubled, rising from $760,000 in 2020 to $1.85m in 2021.

Last year, despite the statistical decline, there were enough high profile ransomware attacks – Colonial Pipeline, JBS, and the Washington DC Metropolitan Police Department – that the Biden Administration made deterring ransomware a prominent part. of its cybersecurity policy