Vorsite Cloud Services

Not Even Police Can Avoid Ransomware – Back Up Regularly!

Written by cloudservicesforbusiness | February 9, 2017

How’s your network security? Is it on par with police departments, which, you’d have to imagine, have fairly robust security?

If so, you’re still not safe.

Recently, police in Cockrell Hill, Texas, announced in a press release that they had been the victim of a ransomware attack that cost them dearly.

The hackers demanded $4000 USD to unlock their files, but the department’s IT staff determined that the best course of action was simply to restore the server’s files from backup.

Unfortunately, that proved to be problematic. A new backup was made after the infection, so the only files that were available were archived versions of the encrypted files, all bearing the “.osiris” extension.

The end result was that the department lost literally years’ worth of video footage and photographic evidence. These files were accessed by area lawyers to use in the prosecution of criminal cases. There’s no way to account for how much of an impact their loss will have, or how many cases that may go to trial without this evidence could be affected.
Although, of course, the police department has made statements hinting that the impact will be minimal, the reality is that there’s no way to know.

As part of the formal statement issued by the department, they announced that they had been infected by “Osiris Ransomware,” probably owing to the extension on the files.

If you own your own business, then you should be aware that this was a misnomer. There’s no need to inform your staff to be on the lookout for Osiris Ransomware, because no such software exists. Additional research has revealed that the most recent version of Locky Ransomware gives the files it encrypts the .osiris extension, and this is almost certainly what the Cockrell Hill Police Department was actually infected with.

Nonetheless, the event stands as another harsh reminder that no matter how good your security is, you’re still not safe. In this case, the infection was made possible when a department member opened an email that had been spoofed so that it appeared to be an official departmental communication.
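The backup failure described above, where a backup taken after the infection left only archived copies of the encrypted files, can be guarded against with a check that runs before a new backup is allowed to replace the retained one. The following is an added example, not code from the department or from this site; the function names, the 30% churn threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: marker extensions to block on; ".osiris" is the one named in the article.
SUSPECT_EXTENSIONS = {".osiris"}

def manifest(root: str) -> dict:
    """Map each file's relative path to the SHA-256 of its content."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                out[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def safe_to_rotate(previous: dict, current: dict, max_churn: float = 0.3):
    """Return (ok, reason): may the new backup replace the retained one?"""
    flagged = [p for p in current if os.path.splitext(p)[1].lower() in SUSPECT_EXTENSIONS]
    if flagged:
        return False, f"{len(flagged)} file(s) with suspect extension"
    if previous:
        # Files from the last backup that are now missing or have different content.
        churned = sum(1 for p, h in previous.items() if current.get(p) != h)
        ratio = churned / len(previous)
        if ratio > max_churn:
            return False, f"{ratio:.0%} of known files missing or modified"
    return True, "source consistent with last backup"

def build_sample() -> str:
    """Constructed sample data: a small share holding four text files."""
    root = tempfile.mkdtemp()
    for i in range(4):
        with open(os.path.join(root, f"case{i}.txt"), "w") as fh:
            fh.write(f"constructed evidence note {i}\n")
    return root

def corrupt_sample(root: str) -> None:
    """Constructed stand-in for the incident: files become random bytes named *.osiris."""
    for name in os.listdir(root):
        os.remove(os.path.join(root, name))
        with open(os.path.join(root, name + ".osiris"), "wb") as fh:
            fh.write(os.urandom(64))

if __name__ == "__main__":
    root = build_sample()
    before = manifest(root)
    corrupt_sample(root)
    print(safe_to_rotate(before, manifest(root)))
```

When the check fails, the job should write the new backup to a separate location and leave the retained copy untouched until someone has reviewed the source.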