Hapless US police department taken down for a second time in a month by ransomware

Police data lost in targeted ransomware attacks

A US police force has been hit by two data-shredding ransomware attacks within the space of just one month - with the FBI called in to investigate.

The attacks on the network and servers of the police department in Riverside, Illinois took down months of police investigation work first time around, according to the Dayton Daily News, and also resulted in the loss of up to eight hours of police work when it was hit the second time.

After the first attack, according to reports, the department stepped up its offsite backup procedures to reduce the risk of data loss.

Now, FBI has been called in to investigate, as well as to help the department to improve its IT security defences.

In the first attack in April, the police department lost as much as 10 months of records, after it refused to pay the ransom and tried to restore lost data from backups - discovering that they hadn't been done every day.

In the second attack, which took place on Friday afternoon, up to eight hours worth of data was erased. The impact was much less second time around as backups had been stepped up following the first ransomware attack.

City manager Mark Carpenter said told the Dayton Daily News over the weekend that officials are still working out the details of the attack. He described it as "ransomware" and said that officials were "still trying to get to bottom of how the attack was initiated".

He added: "Everything was backed-up, but we lost about eight hours worth of information we have to re-enter. It was our police and fire records, so we just re-enter the reports."

While the attack targeted the police department's servers, Carpenter said it should not affect any ongoing investigations or court proceedings

He said that most of the files compromised in the attack "are copied and are with the court system, so there are hard copies out there".

These documents include sensitive personal information, such as social security numbers, birth dates, addresses and medical information, but Carpenter was keen to assert that this information hadn't been "disseminated to any hackers".

Ransomware boomed in 'popularity' among hackers during 2017, but attention has turned since around November to so-called crypto-jacking instead.

While ransomware and organised crime helped fuel the boom in cryptocurrencies, especially Monero, it became more profitable to hijack people's computers to mine those currencies, rather than take encrypt their data and demand a ransom in return for the decryption key.

The fall in values of cryptocurrencies since April may consequently have reignited hackers' interest in ransomware.