This article is more than 1 year old

Texas cops lose evidence going back eight years in ransomware attack

We have to get very, very tough on cyber and cyber warfare… and backups?

Updated: Cockrell Hill, Texas, has a population of just over 4,000 souls and a police force that managed to lose eight years of evidence when a departmental server was compromised by ransomware.

In a public statement, the department said the malware had been introduced to the department's systems through email. Specifically, it arrived "from a cloned email address imitating a department issued email address" and after taking root, requested 4 Bitcoin in ransom, worth about $3,600 today, or "nearly $4,000" as the department put it.

It was at this point that the cops' backup procedures were tested and found to have failed to account for the mischief. When recovery was attempted, they realised they had only managed to back up the encrypted files.

The cops then spoke to the FBI "and upon consultation with them it was determined there were no guarantees that the decryption file would actually be provided, therefore the decision was made to not go forward with the Bitcoin transfer and to simply isolate and wipe the virus from the servers".

Guarantee or not, the criminals operating ransomware schemes often do indeed decrypt the hijacked files if victims pay up. This is simple economics: if the criminal has a reputation for receiving money without decrypting the files, then their victims will be discouraged from paying up, and this is all about the money.

The ransomware is described as having "affected all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost."

While the police state that the malware "was determined to be an 'OSIRIS' virus" no such virus actually exists. Instead, the police seem to have been confused by a new extension being used by the Locky ransomware, which renames the files it encrypts and gives them a .osiris extension.
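
The failure described above, backups that faithfully copied already-encrypted files, can be caught by a pre-flight check that runs before a backup job overwrites its last known-good generation. The following Python is an added example, not code from the article or the department; the `.osiris` extension is the only indicator taken from the reporting, and the function names, manifest format and 20 per cent threshold are assumptions.

```python
import tempfile
from pathlib import Path

# The only indicator taken from the article: Locky's ".osiris" extension.
SUSPECT_EXTENSIONS = {".osiris"}


def preflight(source_dir, previous_manifest, max_missing_ratio=0.2):
    """Decide whether it is safe to overwrite the last good backup.

    previous_manifest: set of relative paths recorded by the last good run
    (hypothetical format). Returns (ok, reasons).
    """
    root = Path(source_dir)
    current = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    reasons = []
    suspects = sorted(p for p in current if Path(p).suffix.lower() in SUSPECT_EXTENSIONS)
    if suspects:
        reasons.append(f"{len(suspects)} file(s) with ransomware extension, e.g. {suspects[0]}")
    if previous_manifest:
        # Mass renames make previously backed-up paths vanish all at once.
        missing = previous_manifest - current
        ratio = len(missing) / len(previous_manifest)
        if ratio > max_missing_ratio:
            reasons.append(f"{ratio:.0%} of previously backed-up files are gone or renamed")
    return (not reasons, reasons)


def demo():
    """Constructed sample tree: a clean run, then a run after a simulated mass rename."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        names = ["reports/case1.docx", "reports/case2.xlsx", "video/cam1.mp4"]
        for name in names:
            f = root / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample data")
        manifest = set(names)
        clean = preflight(root, manifest)
        # Simulate the symptom the article describes: files renamed to *.osiris.
        for i, name in enumerate(names):
            (root / name).rename(root / Path(name).parent / f"sample{i}.osiris")
        infected = preflight(root, manifest)
        return clean, infected


if __name__ == "__main__":
    for label, (ok, reasons) in zip(("clean", "after rename"), demo()):
        print(label, "-> proceed" if ok else "-> HOLD backup, keep previous generation", reasons)
```

A job that fails this check should keep the previous generation untouched and alert an operator rather than rotate it out.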

According to news channel WFAA, which broke the story, the department initially discovered the infection back in December, but had not gone public with the information. Instead, the news began to emerge "when the department began alerting defense attorneys that video evidence in some of their criminal cases no longer exists".

Stephen Barlag, Cockrell Hill's police chief, said of the encrypted docs: "None of this was critical information."

WFAA quoted J Collin Beggs, a criminal defence lawyer in Dallas, who said: "That depends on what side of the jail cell you're sitting," referencing a client of his, charged in a Cockrell Hill case involving some of the lost video evidence.

Beggs bemoaned the loss of the video evidence, stating it was significant to his client and to others that the department has charged. "It makes it incredibly difficult if not impossible to confirm what's written in police reports if there's no video," Beggs said. "The playing field is already tilted in their favor enormously and this tilts it even more."

Beggs said he has asked the FBI for proof that the computer virus incident happened. An FBI spokeswoman on Wednesday told News 8 that the bureau does not "confirm or deny the existence of an investigation."

Chief Barlag contacted The Register shortly after the publication of this article to let us know: "We have been or will be able to recover most if not all of our digital evidence. I am not aware of any criminal cases that will be dropped as a result of this virus." ®

Updated to add

Stephen Barlag, chief of Cockrell Hill police, has been in touch to say: "We have been or will be able to recover most if not all of our digital evidence. I am not aware of any criminal cases that will be dropped as a result of this virus."

 
