Although the FBI has issued warnings and security tips to prevent cyberattacks, ransomware somehow finds its way into networks.
Police evidence collected over eight years, including in-car video surveillance videos, photos and documents, was encrypted following a ransomware infection of the police department of Cockrell Hill, a suburb of Dallas. The encrypted data also contained photos and videos for an active case in Texas. The incident was detected in December and announced in January.
Investigations revealed an infection with Osiris, a variant of Locky, one of the most common types of ransomware. Ransomware found its way into the system through email spoofing of the domain and email format – which was easy since the legitimate emails of the chief of police and other top officers were on the department’s website. The malware is believed to have come from Russia or Ukraine.
“This was not a hacking incident,” Police Chief Barlag said. “No files or confidential information was breached or obtained by any outside parties.”
The police department was asked to pay $4,000 in bitcoin. After consulting with the FBI, they decided not to give in to the attacker(s) demand, as they had backups on CDs and DVDs, and wiped the servers clean.
“We were told by the FBI that paying doesn’t always get you your information back,” Barlag said. “They told us that some people whose files are infected pay, and they get their files back, but sometimes it doesn’t work. So we decided it was not worth it to pay, and potentially, not get anything back anyway.”