Officials said they didn’t pay the ransom and were able to recover some of the data from previous backups. Other data they recovered from public court records, but to this day, the Riverside Fire and Police departments have not fully recovered from the first attack.
Department was prepared for the second infection
The second infection took place last week, May 4, but only came to light today when US Secret Service agents arrived in the Ohio town to help with the investigation.
This time around, officials appear to have learned their lesson and were actively making backups on a daily basis. Officials said the second ransomware infection only locked up data for the last eight hours of work, and the department fully recovered after the second attack.
“Everything was backed-up, but we lost about eight hours worth of information we have to re-enter,” City Manager Mark Carpenter told local media. “It was our police and fire records, so we just re-enter the reports.”
Secret Service agents are now investigating the point of entry for both infections, hoping to find clues and track down the hackers.
Not the first time police lose evidence data to ransomware
This is not the first ransomware infection that has hit a police department and wiped data on investigations. Police in Cockrell Hill, Texas suffered a similar incident in January 2017 when they lost nearly eight years’ worth of evidence.
Police and fire departments are regularly hit with ransomware, but usually, they manage to recover either by restoring backups or by paying the ransom. Past victims include the police departments in the Mad River Township, Ohio; Roxana, Illinois; Tewksbury, Massachusetts; Rockport, Oregon; Mount Pleasant, South Carolina; just to name a few.”
Now, the bad guys are not actively targeting cops; police departments are usually simply swept up in massive phishing campaigns that cast the widest net possible, using clever social engineering tactics to manipulate their mark into opening an attachment.
Looks like cops need new-school security awareness training just like anyone else.
Since phishing has risen to the #1 malware infection vector, and attacks are getting through your filters too often, getting your users effective security awareness training that includes frequent simulated phishing attacks is a must.
For instance, KnowBe4’s integrated training and phishing platform allows you to send Word document attachments with macros in them, so you can see which users open the attachments and then enable macros!