Police Department Loses Years Worth of Evidence In Ransomware Incident (bleepingcomputer.com)
"Police in Cockrell Hill, Texas admitted Wednesday in a press release that they lost years worth of evidence after the department's server was infected with ransomware," reports BleepingComputer. "Lost evidence includes all body camera video, some in-car video, some in-house surveillance video, some photographs, and all Microsoft Office documents." An anonymous reader writes:
Most of the data was from solved cases, but some of the evidence was from active investigations. The infection appears to be from the Locky ransomware family, one of the most active today, and took root last December, after an employee opened a document he received via a spam email. The police department backup system apparently kicked in right after the infection took root, and created copies of the already encrypted data. The department did not pay the $4,000 ransom demand and decided to wipe all its systems.
Maybe they decided to do the right thing and not fund criminals. We need more people to do the same thing. If nobody paid, ransomware would stop being a thing. Plus, the evidence should now be considered compromised anyway.
The numbers add up perfectly, you just aren't adding up the right numbers. system has already been compromised, how could they possibly trust any data as evidence after recovery? On top of that you have the government stance of never paying ransom. Looks to me like they took the right approach.
They can trust the data by recovering it from the tamper-proof archived backups they *should* have. If they lack them, they failed and in this case it seems they failed big time.
So they're trying to claim that they didn't have any other backups?
They lost 8 years of files... Because it did a backup right after the encryption...
THE MORONS ONLY HAD ONE BACKUP!!!!
There is so much wrong with this from a security standpoint that whatever fool made that decision needs to either be fired, or at least removed from any influence over IT.
As the old saying goes:
So when did your data become important to you, before or after you lost it?
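The summary describes a backup job that ran after the infection and stored already encrypted data, and the thread points at the lack of any older generation. The following Python is an added example, not part of the original story or comments: it checks the source against the last manifest before a run is allowed to replace the previous generation. The function names, the 25% threshold and the sample paths are assumptions made for illustration.

```python
import os

# (offset, magic bytes) that a healthy file of each type must carry.
SIGNATURES = {
    ".docx": (0, b"PK\x03\x04"), ".xlsx": (0, b"PK\x03\x04"),
    ".jpg": (0, b"\xff\xd8\xff"), ".pdf": (0, b"%PDF"),
    ".mp4": (4, b"ftyp"),
}

def looks_intact(path: str, head: bytes) -> bool:
    """True if the leading bytes match what the file extension promises."""
    sig = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return True  # unknown type: no opinion either way
    offset, magic = sig
    return head[offset:offset + len(magic)] == magic

def assess_backup_run(last_good: set, source: dict, limit: float = 0.25) -> dict:
    """Decide whether the next run may replace the last good generation.

    last_good: paths recorded in the previous backup manifest.
    source:    path -> leading bytes of each file now on the server.
    """
    # Ransomware that renames what it encrypts makes the old paths vanish.
    vanished = sorted(p for p in last_good if p not in source)
    # In-place encryption destroys the header of typed files.
    corrupt = sorted(p for p, head in source.items() if not looks_intact(p, head))
    ratio = (len(vanished) + len(corrupt)) / max(len(last_good), 1)
    return {"vanished": vanished, "corrupt": corrupt, "ratio": ratio,
            "action": "hold_and_alert" if ratio >= limit else "rotate"}

def demo():
    # Constructed sample data, not taken from the incident.
    clean = {
        "cases/0412/bodycam.mp4": b"\x00\x00\x00\x18ftypmp42",
        "cases/0412/report.docx": b"PK\x03\x04\x14\x00",
        "cases/0413/scene.jpg": b"\xff\xd8\xff\xe0\x00\x10",
        "cases/0413/notes.txt": b"witness statement",
    }
    infected = {
        "cases/0412/5F2A.locky": bytes.fromhex("9f3c71e4a05b"),  # renamed
        "cases/0412/77C1.locky": bytes.fromhex("d2486ab09e17"),  # renamed
        "cases/0413/scene.jpg": bytes.fromhex("4be1903fa6c8"),   # encrypted in place
        "cases/0413/notes.txt": b"witness statement",
    }
    manifest = set(clean)
    return assess_backup_run(manifest, clean), assess_backup_run(manifest, infected)

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A "hold_and_alert" verdict only helps if the previous generation sits somewhere the infected server cannot write to, which is the point the commenters make about archived backups.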