The Police Department in Cockrell Hill, Texas has admitted in a press release that it lost years' worth of evidence after the department’s server was encrypted in a ransomware attack.
Lost evidence included all body camera video, some in-car video, some in-house surveillance video, some photographs, and all of their Microsoft Office documents.
The lost data dates back to 2009. Some of the data from that period was backed up on DVDs and CDs, and those copies will have remained intact. More worrying is the fact that the department lost data from its ongoing investigations.
“It is […] unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small,” their press release reads.
In an interview with ABC affiliate WFAA, which broke the story, Stephen Barlag, Cockrell Hill’s police chief, said that none of the lost data was critical. The department has also notified the Dallas County District Attorney’s office of the incident.
The police department stated that the infection was discovered on December 12, last year, and that crooks had asked for a $4,000 ransom fee to unlock their files.
After consultation with the FBI’s cyber-crime unit, the police department opted to wipe its data server and reinstall everything. Data files could not be recovered from the backups, because the backup procedure had kicked in after the ransomware took root and had written copies of the encrypted files over the clean backup files (which is why it is important to use backup solutions with versioning).
According to the department’s own press release, the Cockrell Hill police IT staff said they were infected with the OSIRIS ransomware. Although there is no such strain of ransomware, it is likely that this was the recently altered Locky ransomware, which began using Egyptian mythology in its naming conventions.