Locky Infection Causes Loss of 8 Years of Police Department Evidence

January 30, 2017

Locky Infection Causes Loss of 8 Years of Police Department Evidence

The Police Department in Cockrell Hill, Texas admitted in a press release that they lost 8 years’ worth of evidence after the department’s server was infected with Locky Ransomware. The lost evidence includes all body camera video, and sections of in-car video, in-house surveillance video, photographs, and all their Microsoft Office documents. OUCH 1.

Eight years’ worth of evidence lost

Some of the lost data goes back to 2009, there are some files from that era that are backed up on DVDs and CDs and remained available.

“It is […] unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small,” the press release reads.

In an interview with WFAA, who broke the story, Stephen Barlag, Cockrell Hill’s police chief, said that none of the lost data was critical. The department also notified the Dallas County District Attorney’s office of the incident.

Backup procedure kicked in after Locky infection

The department says the infection was discovered on December 12, last year, and the crooks asked for a $4,000 ransom fee to unlock the files.

After consulting with the FBI’s cyber-crime unit, the department decided to wipe their data server and reinstall everything. Data could not be recovered from backups, as the backup procedure kicked in shortly after the ransomware took root, and backed up copies of the encrypted files. OUCH 2.

Infection Source: Phishing email with spoofed address

The press release says the infection took place after an officer opened a spam message from a spoofed email address imitating a department issued email address. New-school security awareness training would highly likely have prevented this.

The infection did not spread to other computers because the server was taken offline and disconnected from the local network as soon as staff discovered the ransom demand. The department also said there was no evidence of data exfiltration to a remote server.

So now, do *you* have a recent off-site backup? Most Businesses never consider the possiblity of on-site backups possibly being susceptible to ransomware such as Locky and others. EvoIT specializes in Managed Device Security Services to stop ransomware such as Locky in it’s tracks.

Contact us today, we’d love to give peace of mind and ensure your business is safe from threats like these.

Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInShare on TumblrShare on StumbleUponShare on RedditEmail this to someone