Riverside Fire and Police Department

Ransomware has infected the servers of the Riverside Fire and Police department for the second time in a month.

The first ransomware infection took place on April 23, last month and encrypted ten months worth of work data related to active investigations.

Officials said they didn't pay the ransom and were able to recover some of the data from previous backups. Other data they recovered from public court records, but to this day, the Riverside Fire and Police department have not fully recovered from the first attack.

Department was prepared for the second infection

The second infection took place last week, May 4, but only came to light today when US Secret Service agents arrived in the Ohio town to help with the investigation.

This time around officials appear to have learned their lesson and were actively making backups on a daily basis. Officials said the second ransomware infection only locked up data for the last eight hours of work, and the department fully recovered after the second attack.

"Everything was backed-up, but we lost about eight hours worth of information we have to re-enter," City Manager Mark Carpenter told local media. "It was our police and fire records, so we just re-enter the reports."

Secret Service agents are now investigating the point of entry for both infections, hoping to find clues and track down the hackers.

Not the first time police lose evidence data to ransomware

This is not the first ransomware infection that hit a police department and has wiped data on investigations. Police in Cockrell Hill, Texas suffered a similar incident in January 2017 when they lost nearly eight years worth of evidence.

Police and fire departments are regularly hit with ransomware, but usually, they manage to recover either by restoring backups or by paying the ransom. Past victims include the police departments in the Mad River Township, Ohio; Roxana, Illinois; Tewksbury, Massachusetts; Rockport, OregonMount Pleasant, South Carolina; just to name a few.

Related Articles:

Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows

New Brrr Dharma Ransomware Variant Released

Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program

The Week in Ransomware - September 14th 2018 - Kraken, Dharma, & Matrix

Fallout Exploit Kit Pushing the SAVEfiles Ransomware