Slashdot Mirror

← Back to Stories (view on slashdot.org)

Police Department Loses Years Worth of Evidence In Ransomware Incident (bleepingcomputer.com)

Posted by EditorDavid on from the crimes-against-crimefighters dept.

"Police in Cockrell Hill, Texas admitted Wednesday in a press release that they lost years worth of evidence after the department's server was infected with ransomware," reports BleepingComputer. "Lost evidence includes all body camera video, some in-car video, some in-house surveillance video, some photographs, and all Microsoft Office documents." An anonymous reader writes: Most of the data was from solved cases, but some of the evidence was from active investigations. The infection appears to be from the Locky ransomware family, one of the most active today, and took root last December, after an employee opened a document he received via via a spam email. The police department backup system apparently kicked in right after the infection took root, and created copies of the already encrypted data. The department did not pay the $4,000 ransom demand and decided to wipe all its systems.

5 of 131 comments (clear)

  1. Re:"backup" by fluffernutter · · Score: 4, Interesting

    Sadly, the people who know this are commonly determined to be too expensive to employ. So, they get what they pay for.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  2. Intentional infection? This doesn't add up. by geekmux · · Score: 5, Interesting

    "Most of the data was from solved cases, but some of the evidence was from active investigations...the department did not pay the $4,000 ransom demand and decided to wipe all its systems."

    I'm sorry, but one legal firm can rack up more than $4000 in legal fees in a single day.

    You're going to tell me that the active investigations along with the potential liability of not holding data for years worth of solved cases was somehow not worth $4000?

    The numbers just don't add up here. At all. Hate to go all conspiracy theory, but this sounds more like an intentional infection and a premature decision to wipe data that might have shown a bad light on a certain law enforcement actions.

  3. Re:Intentional infection? This doesn't add up. by Kohath · · Score: 4, Interesting

    Any evidence that was altered by ransomware would get challenged by a defense attorney. Maybe they decided they didn't need to pay ransom for evidence that had built-in reasonable doubt.

  4. Re:Intentional infection? This doesn't add up. by gravewax · · Score: 4, Insightful

    The numbers add up perfectly, you just aren't adding up the right numbers. system has already been compromised, how could they possibly trust any data as evidence after recovery? On top of that you have the government stance of never paying ransom. Looks to me like they took the right approach.

  5. Re:mmmmmm... by meerling · · Score: 4, Insightful

    So they're trying to claim that they didn't have any other backups?
    They lost 8 years of files... Because it did a backup right after the encryption...
    THE MORONS ONLY HAD ONE BACKUP!!!!

    There is so much wrong with this from a security standpoint that whatever fool made that decision needs to either be fired, or at least removed from any influence over IT.

    As the old saying goes:
        So when did your data become important to you, before or after you lost it?