Slashdot Mirror


Police Department Loses Years Worth of Evidence In Ransomware Incident (bleepingcomputer.com)

"Police in Cockrell Hill, Texas admitted Wednesday in a press release that they lost years worth of evidence after the department's server was infected with ransomware," reports BleepingComputer. "Lost evidence includes all body camera video, some in-car video, some in-house surveillance video, some photographs, and all Microsoft Office documents." An anonymous reader writes: Most of the data was from solved cases, but some of the evidence was from active investigations. The infection appears to be from the Locky ransomware family, one of the most active today, and took root last December, after an employee opened a document he received via a spam email. The police department backup system apparently kicked in right after the infection took root, and created copies of the already encrypted data. The department did not pay the $4,000 ransom demand and decided to wipe all its systems.

2 of 131 comments

  1. Backups? by WalksOnDirt · Score: 3, Informative

    It sounds like they only had one backup, and that promptly got overwritten. It should be standard procedure to have an offsite backup as well. I always did.

    --
    a,e,i,o,u and sometimes w and y (at be if of up cwm by)
  2. Statement says they did NOT lose evidence by Anonymous Coward · Score: 3, Informative

    "...hard copies of ALL documents and the vast majority of the videos and photographs are still in the possession of the Police Department on CD or DVD".

    They only lost digital copies of evidence...probably why they chose to wipe rather than pay ransom.