Cocker Hill’s Police Department has revealed that its server was infected with ransomware and that, as a result, the department lost digital evidence from the past few years. Cocker Hill is a small community situated in southwest Dallas, Texas.
According to reports, the Cocker Hill police department lost digital data dating back as far as 2009, and officials suspect that Russian cyber-criminals were involved in the attack. The attack occurred in December 2016 and was identified on the 12th of the same month. The malware was “introduced onto the network from a spam email that had come from a cloned email address imitating a department-issued email address,” as stated in the official press release.
Police chief Stephen Barlag said that after being compromised the department lost evidence that included “all body cam video, some photos, some in-car video, and some police department surveillance video were lost.” However, Barlag confirmed that the incident was not a hack attack but only an attempt to obtain a ransom. “No files or confidential information was breached or obtained by any outside parties,” said Barlag.
“This virus affected all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost. No information contained in any of those documents, videos, or photographs was extracted or transmitted outside of the Police Department,” said Barlag.
When the department identified the attack, it responded immediately by disconnecting the server from the Internet and notifying the FBI Cybercrimes Unit. The attackers demanded $4000 as ransom, but according to the Feds, there was no guarantee that the hackers would provide the decryption key if the ransom was paid. Therefore, the police decided to wipe the server instead of bowing to the attackers' demands.
Barlag later clarified to WFAA that, according to experts, the perpetrators are possibly Ukrainian rather than Russian cyber-criminals, because the attack was launched from Ukraine. However, the official press release from the department contains no specific information or lead related to the perpetrators of the attack. He further added that although the police lost evidence, none of the data was that critical for the department.
The police department’s security experts believe that the ransomware was the OSIRIS virus, but Bleeping Computer stated that it was not OSIRIS and that, according to its analysis, the server was infected with “Locky Ransomware.”
This is not the first time a police department has had its computer systems infected with ransomware. In 2014, the Tewksbury Police Department in Massachusetts had its systems locked up by cybercriminals who demanded €460/$500 in bitcoins for the decryption key; left with no other option, the department paid the ransom. There are several other cases in which police departments had to pay a ransom to get their data back.