Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Texas Police Dept. Loses Digital Evidence in Ransomware Attack

February 1, 2017

The Cockrell Hill Police Department in Texas has lost digital evidence and other files dating back to 2009 as a result of a ransomware attack.

On 25 January 2017, the Department issued a press release revealing that a computer virus had recently affected one of its servers:

"On December 12, 2016, the Cockrell Hill Police Department became aware that files on the server had been corrupted by a computer virus. They immediately disconnected the server and all computers from the internet and all state database systems and were able to contain the virus. After investigating the issue, it was determined that the virus had been introduced onto the network from a spam email that had come from a cloned email address imitating a department issued email address."

The virus bore the name "Osiris," which likely means the Cockrell Hill Police Department came into contact with the Osiris variant of Locky ransomware. The virus encrypted many of the police department's files and demanded $4,000 in Bitcoin for the decryption key.

The police department contacted the FBI's digital crimes unit for advice. The FBI pointed out that there was no guarantee the department would get its files back if it paid the ransom. As a result, Cockrell Hill's police decided not to pay.

Osiris targeted all of the police department's Microsoft Office and Excel documents as well as all body camera video, some in-car video, some in-house surveillance video, and some photographs. Fortunately, Cockrell Hill's police keep a copy of all documents on CD and DVD. But the same could not be said about the affected video and photographs.

The loss of such evidence could affect the outcome of future criminal investigations.

At the time of the infection, the Cockrell Hill Police Department did not have a working backup. Seriously? Is there anyone out there who doesn't, by now, understand the importance of properly engineered backup to allow you to recover from a ransomware attack? I guess this story answers that question.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson