Riverside Fire and Police Department

Ransomware has infected the servers of the Riverside Fire and Police department for the second time in a month.

The first ransomware infection took place on April 23, last month and encrypted ten months worth of work data related to active investigations.

Officials said they didn't pay the ransom and were able to recover some of the data from previous backups. Other data they recovered from public court records, but to this day, the Riverside Fire and Police department have not fully recovered from the first attack.

Department was prepared for the second infection

The second infection took place last week, May 4, but only came to light today when US Secret Service agents arrived in the Ohio town to help with the investigation.

This time around officials appear to have learned their lesson and were actively making backups on a daily basis. Officials said the second ransomware infection only locked up data for the last eight hours of work, and the department fully recovered after the second attack.

"Everything was backed-up, but we lost about eight hours worth of information we have to re-enter," City Manager Mark Carpenter told local media. "It was our police and fire records, so we just re-enter the reports."

Secret Service agents are now investigating the point of entry for both infections, hoping to find clues and track down the hackers.

Not the first time police lose evidence data to ransomware

This is not the first ransomware infection that hit a police department and has wiped data on investigations. Police in Cockrell Hill, Texas suffered a similar incident in January 2017 when they lost nearly eight years worth of evidence.

Police and fire departments are regularly hit with ransomware, but usually, they manage to recover either by restoring backups or by paying the ransom. Past victims include the police departments in the Mad River Township, Ohio; Roxana, Illinois; Tewksbury, Massachusetts; Rockport, OregonMount Pleasant, South Carolina; just to name a few.

Related Articles:

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants

Senators Demand Voting Machine Vendor Explain Why It Dismisses Researchers Prodding Its Devices

Tens of Millions of U.S. Voter Records for Sale

Hacking is the Lesser Evil for the U.S. Midterm Elections