News Feature | February 6, 2017

Ransomware Attack Results In Loss Of 8 Years' Worth Of Evidence For Police Department

Christine Kern

By Christine Kern, contributing writer


Cockrell Hill PD lost video evidence and digital documents to a computer-generated attack.

Government and local agencies can also be vulnerable to ransomware attacks, as the Cockrell Hill, TX police department discovered last month when a ransomware attack resulted in the loss of eight years of video evidence and digital documents, according to WFAA TV. Cockrell Hill’s police chief Stephen Barlag, told reporters the incident was the result of a computer-generated ransom demand. “This was not a hacking incident,” he says. “No files or confidential information was breached or obtained by any outside parties.”

However, the attack did result in the loss of significant evidence for the department. The malware, likely Russian or Ukrainian in origin, used a cloned email to gain access through a user click. Messages then demanded $4,000 work of Bitcoin in ransom for the return of the files.

The department did not pony up the ransom demand. “We were told by the FBI that paying doesn’t always get you your information back,” Barlag says. “They told us some people whose files are infected pay and they get their files back, but sometimes it doesn’t work. So we decided it was not worth it to pay, and potentially, not get anything back anyway.”

Recent ransomware attacks in healthcare have garnered the headlines, and highlighted the debate over paying the ransom to regain access to data. One poll found up to 75 percent of hospitals have experienced at least one ransomware attack. Brendan FitzGerald, HIMSS Analytics Research Director for Advisory Solutions, told Healthcare IT News, “There has been a lot of industry literature around whether or not to pay the ransom, most of it recommending not to. I think as a last resort there’s that potential to pay a ransom. Moving forward, it’s going to be interesting to see how organizations respond to this.”

As a result, cybersecurity is a priority for every hospital IT leader today. But while healthcare, retail, and financial institutions have been the focus of much of the ransomware discussions, other potential targets like federal, state, and local agencies have been overlooked. In fact, 48 percent of organizations have been hit by at least one ransomware attack in the past year, with the average victim hit six times, as Business Solutions Magazine reported.

A Barkly study found 95 percent of ransomware attacks bypass firewalls, 77 percent permeate email filtering, and one-third of attacks were successful even when victims had undergone security awareness training, according to Business Solutions Magazine.

The Cockrell Hill decision not to pay the ransom meant the department had to wipe the infected computer servers clean. Barlag says, “Everything that was lost is gone. Our automatic backup started after the infection, so it just backed up infected files.” Barlag later contacted The Register, stating “We have been or will be able to recover most if not all of our digital evidence. I am not aware of any criminal cases that will be dropped as a result of this virus.”