Ransomware and Data Protection for Police Departments

Police Departments Increasingly Targeted by Ransomware

Ransomware infections are soaring across all industries, with attacks increasing tenfold. Police departments have become attractive targets: because of budgetary constraints, police and sheriff's department IT systems are typically outdated and held together by an overworked, thinly stretched team of administrators. One chief of police whose department endured a ransomware attack noted that their computers were still running DOS when the attack occurred.

Those tasked to serve and protect need an affordable, reliable partner to ensure that critical systems are protected. Armada Cloud's data protection platform provides proven data protection for police departments, reducing the load on IT while implementing state-of-the-art disaster recovery and continuity for vulnerable systems.

Is your department protected against an attack? Make sure you can recover any ransomed data without delay, and without paying a ransom.

Protect your data from ransomware

Our data protection appliance is available to try for free: APPLY NOW

The Cost of Ransomware to Unprotected Police Departments

The following sites have all been infected by ransomware, and without sufficient data protection were forced to pay the attackers, lose data, and/or operate at a reduced capacity for the duration of the attack. These sites have since implemented updated security measures to prevent these incidents, and serve as reminders that insurance against such attacks is best implemented before an infection.


Lincoln County Sheriff's Office

Lincoln County Sheriff Todd Brackett was able to see the positives when his office was attacked by ransomware. After the local law enforcement server containing data for his office along with police departments in Wiscasset, Damariscotta, Boothbay Harbor, and Waldoboro fell victim to ransomware, he saw an opportunity to improve data security.

Their department has implemented more robust backup solutions to allow the recovery of data without paying a ransom, though in this case he wished he'd paid it sooner.

“Paying a ransom — let's say it goes against the grain,” he said. “We tried to find a way around it, but in the end our IT guys and Burgess recommended just paying the ransom.”

The infected server and associated data were restored approximately six to eight hours after the ransom was paid, though the total system downtime affecting 5 departments and countless officers has not been disclosed.


Cockrell Hill Police Department

Police in the southwest Dallas community of Cockrell Hill have admitted to the loss of digital evidence going back to 2009 following a ransomware infection.

According to Department Chief Stephen Barlag, “As a result, all bodycam video, some photos, some in-car video, and some police department surveillance video were lost.”

The attackers demanded $4,000 in bitcoin to decrypt the data, but as it has become clear that there are no guarantees that attackers will honor their agreement and restore data, the department elected not to pay. The loss of video and photographic evidence is expected to affect the outcome of future criminal investigations, with the full impact unknown.

At the time of the infection, Cockrell Hill PD reportedly did not have a working data backup solution in place, which would have prevented this loss of data without the need to pay a ransom.


Tewksbury Police Department

Tewksbury Police's network was locked down by the CryptoLocker ransomware virus, which entered via the Officer-In-Charge's computer and spread through mapped network drives.

The day after the infection occurred, the department became aware that the server that housed Computer Aided Dispatch, records management, arrest logs, calls for service, motor vehicle matters, and other critical data was being held ransom.

As a result, the department was "basically rendered in-operational", according to Police Chief Timothy Sheehan. While Tewksbury PD eventually paid a ransom of $500 to recover their data, they incurred $26,482 in additional costs resulting from the infection.


Midlothian Police Department

The police department of Midlothian, located south of Chicago, suffered an attack by the Cryptoware virus that rendered an important system inaccessible, blocking access to police records.

The infection was carried into the department when a user opened a spear-phishing email. It compromised their system, spread internally, and demanded a $600 ransom, payable in bitcoin to an unknown group of attackers.

While Midlothian PD did have a backup system in place, their homegrown backups were also infected, making it impossible to restore the data they needed. As a result, the department elected to pay the ransom and was fortunately able to decrypt its files.

Midlothian Police Chief Harold Kaufman confirmed the police department had been hacked, but declined further comment.


Melrose Police Department

The police department of Melrose, Massachusetts suffered a ransomware infection that compromised their office's TriTech software and obstructed their ability to file log entries and incident reports, forcing officers to book arrested parties on paper for three days.

The attack arrived in the form of an email received by the entire department and opened by a detective on a department laptop. Photographic evidence on the laptop was also held hostage until the ransom was paid.

Melrose PD Information Technology Director Jorge Pazos reported that while there was a backup solution in place, they did not back up individual computers at the time. Pazos met a Bitcoin broker at a local Panera Bread location, paying $489 for 1 bitcoin. After transferring the bitcoin to the anonymous attackers, the department was fortunate to receive the decryption key.


Dickson Sheriff's Office

A criminal going by Nimrod Gruber hacked the Dickson Sheriff's Office and infected the report management system with CryptoWall while staff listened to an online radio stream.

Dickson did have a backup solution in place, but it relied on local unencrypted storage that was also vulnerable to attack. A portion of the records could be restored, but 72,000 files remained locked until the required ransom was paid.

“My first response is we are not going to be held hostage. We are not going to pay a fee to get our records back,” Sheriff Jeff Bledsoe said. “But once it was determined which records were involved and that they were crucial to victims of crimes in this county, and to the operations of the sheriff’s office and the citizens of this county…I had no choice but to authorize to pay this.”

The ransomed files, which included critical documents related to ongoing investigations, records, booking documents, and other irreplaceable data, were restored after paying the ransom.

And many more...

This list is not comprehensive. The threat of ransomware continues to loom for police departments and sheriff's offices across the country. Armada Cloud customers don't fear infection: see the difference here.

Implement your ransomware insurance policy today

Our data protection appliance is available to try for free: APPLY NOW