A police department based in Texas has lost digital evidence and other files dating back to 2009 as a result of a ransomware attack.

On 25 January 2017, the Cockrell Hill Police Department issued a press release in which it revealed that a computer virus had recently affected one of its servers:

“On December 12, 2016, the Cockrell Hill Police Department became aware that files on the server had been corrupted by a computer virus. They immediately disconnected the server and all computers from the internet and all state database systems and were able to contain the virus. After investigating the issue, it was determined that the virus had been introduced onto the network from a spam email that had come from a cloned email address imitating a department issued email address.”

The virus bore the name “Osiris,” which means there’s a good chance the Cockrell Hill Police Department came into contact with the Osiris variant of Locky ransomware. This would explain why the virus encrypted many of the police department’s files and demanded 4,000 USD in Bitcoin for the decryption key.

The police department contacted the FBI’s digital crimes unit for advice. The FBI rightly pointed out that there was no guarantee the police department would receive its files back if it paid the ransom. As a result, Cockrell Hill’s police decided not to pay the ransom.

That’s not an easy pill to swallow from a recovery standpoint.

Osiris targeted all of the police department’s Microsoft Office and Excel documents as well as all body camera video, some in-car video, some in-house surveillance video, and some photographs dating back to 2009. Fortunately, Cockrell Hill’s police keep a copy of all documents on CD and DVD. But the same could not be said about the affected video and photographs.

The loss of such evidence could affect the outcome of future criminal investigations. J. Collin Beggs, a Dallas criminal defense lawyer, said as much in an interview with WFAA:

“It makes it incredibly difficult if not impossible to confirm what’s written in police reports if there’s no video. The playing field is already tilted in their favor enormously and this tilts it even more.”

At the time of the infection, the Cockrell Hill Police Department did not have a working backup. Let’s hope this incident helps motivate police departments and other types of organizations everywhere to invest in data backup technology and ransomware prevention strategies.