Riverside Fire and Police Department

Ransomware has infected the servers of the Riverside Fire and Police department for the second time in a month.

The first ransomware infection took place on April 23, last month and encrypted ten months worth of work data related to active investigations.

Officials said they didn't pay the ransom and were able to recover some of the data from previous backups. Other data they recovered from public court records, but to this day, the Riverside Fire and Police department have not fully recovered from the first attack.

Department was prepared for the second infection

The second infection took place last week, May 4, but only came to light today when US Secret Service agents arrived in the Ohio town to help with the investigation.

This time around officials appear to have learned their lesson and were actively making backups on a daily basis. Officials said the second ransomware infection only locked up data for the last eight hours of work, and the department fully recovered after the second attack.

"Everything was backed-up, but we lost about eight hours worth of information we have to re-enter," City Manager Mark Carpenter told local media. "It was our police and fire records, so we just re-enter the reports."

Secret Service agents are now investigating the point of entry for both infections, hoping to find clues and track down the hackers.

Not the first time police lose evidence data to ransomware

This is not the first ransomware infection that hit a police department and has wiped data on investigations. Police in Cockrell Hill, Texas suffered a similar incident in January 2017 when they lost nearly eight years worth of evidence.

Police and fire departments are regularly hit with ransomware, but usually, they manage to recover either by restoring backups or by paying the ransom. Past victims include the police departments in the Mad River Township, Ohio; Roxana, Illinois; Tewksbury, Massachusetts; Rockport, OregonMount Pleasant, South Carolina; just to name a few.

Related Articles:

FBI: Number of Ransomware Complaints Went Down in 2017

New Michigan Law Makes Possession of Ransomware Illegal

The Week in Ransomware - May 25th 2018 - Crypton and Small Variants

Vermont Entices Remote Workers To Relocate By Paying Their Expenses

CryptON Ransomware Installed Using Hacked Remote Desktop Services