{"id":6432,"date":"2017-01-30T12:31:49","date_gmt":"2017-01-30T20:31:49","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/30\/news-269\/"},"modified":"2017-01-30T12:31:49","modified_gmt":"2017-01-30T20:31:49","slug":"news-269","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/30\/news-269\/","title":{"rendered":"Police lost 8 years of evidence in ransomware attack"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/article\/2017\/01\/ransomware_data_laptop-100701624-large.3x2.jpg\"\/><\/p>\n<p>Police in <a href=\"http:\/\/cityofcockrellhill.us\/Police.html\" target=\"_blank\">Cockrell Hill<\/a>, a community in southwest Dallas, admitted to losing digital evidence from as far back as 2009 after the department\u2019s server was compromised with ransomware.<\/p>\n<p>Cockrell Hill Police Department Chief Stephen Barlag <a href=\"https:\/\/www.scribd.com\/document\/337573961\/Cockrell-Hill-PD-Server-Virus\" target=\"_blank\">said<\/a>, \u201cAs a result, all bodycam video, some photos, some in-car video, and some police department surveillance video were lost.\u201d<\/p>\n<p>Immediately, the police blamed Russian hackers, but Barlag later <a href=\"http:\/\/www.wfaa.com\/news\/local\/cockrell-hill-police-lose-years-worth-of-evidence-in-ransom-hacking\/392673232\" target=\"_blank\">told<\/a> WFAA that experts told him it \u201cmore likely originated in Ukraine.\u201d The official press release, however, states, \u201cIt is unknown for certain where the virus originated from.\u201d<\/p>\n<p>The ransomware attack occurred in December, according to a <a href=\"https:\/\/www.scribd.com\/embeds\/337574421\/content?start_page=1&amp;view_mode=scroll&amp;access_key=key-zdTIPidokkaDwvBR7YPj\" target=\"_blank\">press release<\/a> issued last week. 
The malware \u201chad been introduced onto the network from a spam email that had come from a cloned email address imitating a department-issued email address.\u201d<\/p>\n<p>The server and all computers were \u201cimmediately disconnected\u201d from the internet and Cockrell Hill contacted the FBI Cybercrimes unit. The ransom demand was nearly $4,000 and the feds said paying was no guarantee the decryption key would be provided. So, the police decided not to pay and to instead wipe the server.<\/p>\n<p>As a result, the cops lost eight years of data stored on the server. The press release read:<\/p>\n<p>This virus affected all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost. No information contained in any of those documents, videos, or photographs was extracted or transmitted outside of the Police Department.<\/p>\n<p>Files that were affected did go back to 2009, however hard copies of ALL documents and the vast majority of the videos and photographs are still in the possession of the Police Department on CD or DVD. It is unknown at this time how many total digital copies of documents were lost, as it is also unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small.<\/p>\n<p>The police department claimed the virus was OSIRIS, but as Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/police-department-loses-years-worth-of-evidence-in-ransomware-incident\/\" target=\"_blank\">pointed out<\/a>, \u201cThere is no OSIRIS ransomware. 
It\u2019s quite possible that the department\u2019s server was infected with the Locky ransomware, which a few days prior had come out with a new version that appended the \u2018.osiris\u2019 extension at the end of encrypted files.\u201d<\/p>\n<p>Chief Barlag told WFAA, \u201cEverything that was lost is gone. Our automatic backup started after the infection, so it just backed up infected files.\u201d As for the lost data, he added that \u201cnone of this was critical information.\u201d<\/p>\n<p>That, however, \u201cdepends on what side of the jail cell you&#8217;re sitting,\u201d said Dallas criminal defense attorney J. Collin Beggs. He claimed he\u2019d been asking for video evidence since last summer and now there is definitely no video evidence to be turned over. Beggs asked the FBI if the ransomware incident even occurred, but the feds came back saying the FBI could not \u201cconfirm or deny the existence of an investigation.\u201d<\/p>\n<p>This was just one in a series of recently reported ransomware attacks such as the one that hit D.C.\u2019s CCTV system and another that locked up a hotel\u2019s electronic key lock system.<\/p>\n<p>Eight days before President Trump\u2019s inauguration, ransomware <a href=\"http:\/\/www.computerworld.com\/article\/3163012\/security\/ransomware-disrupts-washington-dcs-cctv-system.html\" target=\"_blank\">affected<\/a> 123 of 187 D.C. police network video recorders; about 70% of the CCTV system was out of commission for about 48 hours. The police refused to pay the ransom, instead choosing to replace the software on the devices and restart them. It took three days to restore the system.<\/p>\n<p>A four-star hotel in the Austrian Alps had its electronic key lock system, reservation and cash desk systems in a chokehold <a href=\"http:\/\/www.thelocal.at\/20170128\/hotel-ransomed-by-hackers-as-guests-locked-in-rooms\" target=\"_blank\">due to ransomware<\/a>. 
The hotel paid the ransom as it couldn\u2019t confirm reservations of new arrivals or program new key cards to let guests into their rooms.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3163046\/security\/police-lost-8-years-of-evidence-in-ransomware-attack.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/article\/2017\/01\/ransomware_data_laptop-100701624-large.3x2.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>Police in <a href=\"http:\/\/cityofcockrellhill.us\/Police.html\" target=\"_blank\">Cockrell Hill<\/a>, a community in southwest Dallas, admitted to losing digital evidence from as far back as 2009 after the department\u2019s server was compromised with ransomware.<\/p>\n<p>Cockrell Hill Police Department Chief Stephen Barlag <a href=\"https:\/\/www.scribd.com\/document\/337573961\/Cockrell-Hill-PD-Server-Virus\" target=\"_blank\">said<\/a>, \u201cAs a result, all bodycam video, some photos, some in-car video, and some police department surveillance video were lost.\u201d<\/p>\n<p>Immediately, the police blamed Russian hackers, but Barlag later <a href=\"http:\/\/www.wfaa.com\/news\/local\/cockrell-hill-police-lose-years-worth-of-evidence-in-ransom-hacking\/392673232\" target=\"_blank\">told<\/a> WFAA that experts told him it \u201cmore likely originated in Ukraine.\u201d The official press release, however, states, \u201cIt is unknown for certain where the virus originated from.\u201d<\/p>\n
<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11072,11073,714],"class_list":["post-6432","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cybercrime-hacking","tag-malware-vulnerabilities","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6432"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6432\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6432"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}