Slashdot Mirror
Police Department Loses Years Worth of Evidence In Ransomware Incident (bleepingcomputer.com)
"Police in Cockrell Hill, Texas admitted Wednesday in a press release that they lost years worth of evidence after the department's server was infected with ransomware," reports BleepingComputer. "Lost evidence includes all body camera video, some in-car video, some in-house surveillance video, some photographs, and all Microsoft Office documents." An anonymous reader writes:
Most of the data was from solved cases, but some of the evidence was from active investigations. The infection appears to be from the Locky ransomware family, one of the most active today, and took root last December, after an employee opened a document he received via via a spam email. The police department backup system apparently kicked in right after the infection took root, and created copies of the already encrypted data. The department did not pay the $4,000 ransom demand and decided to wipe all its systems.
Sadly, the people who know this are commonly determined to be too expensive to employ. So, they get what they pay for.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
"Most of the data was from solved cases, but some of the evidence was from active investigations...the department did not pay the $4,000 ransom demand and decided to wipe all its systems."
I'm sorry, but one legal firm can rack up more than $4000 in legal fees in a single day.
You're going to tell me that the active investigations along with the potential liability of not holding data for years worth of solved cases was somehow not worth $4000?
The numbers just don't add up here. At all. Hate to go all conspiracy theory, but this sounds more like an intentional infection and a premature decision to wipe data that might have shown a bad light on a certain law enforcement actions.
Any evidence that was altered by ransomware would get challenged by a defense attorney. Maybe they decided they didn't need to pay ransom for evidence that had built-in reasonable doubt.
It is $4000 to a criminal organization, it's illegal (especially for government agencies like a POLICE department) to make any payment and become complicit in the criminal activity.
On the other hand, $4000 is what they start off with, I heard of a company that got hit with $10k in ransom demands, a few days later they realized their backups weren't working well so they gave them the $10k, by then the criminals realized they were attempting and failed to restore from backup so they quadrupled the demand so the company got the FBI involved, when the criminals realized the FBI got involved, they wiped EVERYTHING. It took them about 3 weeks and about $100k to recover the broken backups by a professional recovery company.
Custom electronics and digital signage for your business: www.evcircuits.com
Retired IT here, after 34 years.
It's not easy being a cost center.
I was always on the wrong side of the ledger.
All of my meetings with management were about spending money that they had to recover.
Sometimes a new implementation would be an instant money-saver, but that was not very often.
I insisted on one of two (2) things:
1.) Acceptance of my recommendations or
2.) An official email quoting my recommendation, along with the rejection of same.
2.) was, on occasion, the answer to the question, "How in the hell could you let this happen?"
It little behooves the best of us to comment on the rest of us.