Romanian woman pleads guilty to 2017 ransomware attack on D.C. police cameras

The attack disabled two-thirds of the capital's police surveillance cameras just days before the presidential inauguration.

A Romanian national pleaded guilty Thursday to two federal charges that she took part in a January 2017 cyberattack against the Washington, D.C. police department that briefly disabled many of the city’s surveillance cameras just days before the presidential inauguration.

Eveline Cismaru, 28, admitted in federal court that she was part of a conspiracy to use police computers to distribute ransomware. According to court documents, 123 of the D.C. Metropolitan Police Department’s 187 surveillance cameras went dark on Jan. 12, 2017, after 126 computers connected to the camera network were infected with a virus that locked out the computers’ authorized users unless a bitcoin payment equal to about $60,800 was paid.

The D.C. government’s information technology office was able to remove the software, reboot the affected machines and turn the cameras back on three days later. No ransom was ever paid, but the brief blackout was blamed for the loss of surveillance footage that could’ve helped police make an arrest in the murder of an elderly woman .

The ransomware attack led authorities on a multinational investigation. British authorities arrested two people in London, but released them after it was discovered they had only purchased items on an Amazon Marketplace store linked to Cismaru’s email address.


Cismaru and another Romanian citizen, Mihai Alexandru Isvanca, were arrested in Bucharest last December and charged with the D.C. cyberattack as part of a larger roundup of ransomware suspects. Cismaru was initially released pending extradition to the United States, but fled Romania and was arrested again in March in London. She was held until being extradited in July. Isvanca remains in custody in Romania and is awaiting extradition to the U.S.

During court proceedings over the summer, prosecutors filed documents alleging the ransomware attack could’ve reached far beyond D.C. surveillance cameras. Cismaru and Isvanca, authorities said, were planning to use the police computers to send two varieties of ransomware known as “cerber” and “dharma” to a list of more than 179,000 email addresses. Investigators also found information pertaining to 3,800 credit cards, which had been collected from an Amazon store called “Lake L,” which was later found to have been posing as a popular British kitchenware brand named Lakeland.

Along with the U.S. Secret Service and D.C. police, the investigation into the ransomware attack included the FBI and authorities in the United Kingdom, Romania and the Netherlands.

Cismaru faces up to 20 years in prison, though her plea agreement requires her to cooperate with the ongoing investigation. She is scheduled to be sentenced Dec. 3.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts