Ransomware Causes Loss of Eight Years of Police Evidence

The Cockrell Hill, Texas Police Department has found out the painful and hard way that backups are nothing to skimp on and everything to obsess over. The Department admitted, via press release, that eight years' worth of evidence stored on the department's server was lost after the server was infected with the Locky ransomware.

Among the evidence lost were all body camera videos, sections of in-car video, in-house surveillance videos, photos, and a multitude of Word, Excel, and PowerPoint documents. Portions of the lost data date back to 2009. Some files had also been backed up on CDs and DVDs, which makes that data recoverable.

According to the Department's press release, "It is [...] unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small."

In an interview with local station WFAA, Police Chief Stephen Barlag said that none of the data that was lost was critical and that the department had already notified the Dallas County District Attorney's office regarding the incident.

Adding Insult to Injury

The Police Department has a backup process and states that the infection was discovered on December 12 of last year. However, the data could not be recovered from backups: the backup methodology retained no historical versions of files long-term, and the most recent backup began shortly after the ransomware started encrypting files.

The FBI's cyber-crime unit was consulted and the department decided the best course of action was to wipe their data server and reinstall everything.

How It Started

The press release states that the infection began via an e-mail that was opened by an officer. The message came from a spoofed address imitating a department-issued one.

Big Takeaways for Tampa Small Businesses

This is a sad situation that may affect cases pending prosecution, and what makes it even sadder is that it was preventable. Here's how:

  1. Tag external e-mail messages with [External] in the subject line or some other indicator to help you spot spoofed e-mail
  2. Employ sender spoof protection within your spam filter
  3. Have backups that keep historical copies of the data so you can roll back to a previous point in time. In addition, back up as frequently as reasonably possible for your situation
  4. Test all of these defenses regularly
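
To make takeaways 3 and 4 concrete, here is an added example (not from the press release or the original article) of a backup that keeps historical versions and a restore test against it. The function names, snapshot labels, and file contents are constructed assumptions.

```python
import filecmp, os, shutil, tempfile
from pathlib import Path

def snapshot(source, repo, label, keep=30):
    """Copy `source` into repo/<label>, then prune to the newest `keep` snapshots.
    Labels must sort chronologically; reusing a label raises instead of overwriting."""
    source, repo = Path(source), Path(repo)
    repo.mkdir(parents=True, exist_ok=True)
    previous = sorted(p for p in repo.iterdir() if p.is_dir())
    dest = repo / label
    dest.mkdir()
    for src in sorted(source.rglob("*")):
        rel = src.relative_to(source)
        target = dest / rel
        if src.is_dir():
            target.mkdir(parents=True, exist_ok=True)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        old = previous[-1] / rel if previous else None
        if old and old.is_file() and filecmp.cmp(src, old, shallow=False):
            os.link(old, target)       # unchanged: share storage with the last snapshot
        else:
            shutil.copy2(src, target)  # new or changed: store a fresh copy
    for stale in (previous + [dest])[:-keep]:
        shutil.rmtree(stale)           # retention: drop only the oldest snapshots
    return dest

def restore_point(repo, before):
    """Newest snapshot whose label sorts strictly before `before` (the infection time)."""
    older = sorted(p for p in Path(repo).iterdir() if p.is_dir() and p.name < before)
    return older[-1] if older else None

def demo():
    """Constructed scenario: the nightly backup runs after files were overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        data, repo = Path(tmp, "server"), Path(tmp, "backups")
        data.mkdir()
        (data / "report.docx").write_bytes(b"original evidence notes")
        snapshot(data, repo, "2024-01-10T0200")   # constructed labels, not incident dates
        snapshot(data, repo, "2024-01-11T0200")
        (data / "report.docx").write_bytes(b"\x00unreadable\x00")  # stand-in for encrypted data
        newest = snapshot(data, repo, "2024-01-12T0200")  # this backup captures the damage
        good = restore_point(repo, before="2024-01-12T0000")
        return ((newest / "report.docx").read_bytes(),
                (good / "report.docx").read_bytes(), good.name)

if __name__ == "__main__":
    print(demo())
```

The newest snapshot holds the damaged file, but the one before it still restores the original, which a single overwrite-in-place backup cannot do. Hard-linked snapshots share file data, so the backup location should be writable only by the backup host, never by the workstations or server being protected.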