A ransomware attack again hit the Riverside Fire and Texas Police department computer server on May 4. The police department had already lost around 10 months of sensitive data related to active investigations in a previous ransomware attack on April 23.
The ransomware locked the files stored on the infected computer server and even deleted some of them.
The second ransomware attack came to light only when US Secret Service agents involved in the case arrived in the Ohio town to help with the investigation, which has been conducted on the infected servers.
Officials said they did not pay the ransom and were able to recover some of the data from previous backups. They recovered other data from public court records, but to this day the Riverside Fire and Police department has not fully recovered from the first attack.
This time around, officials appear to have learned their lesson and were actively making backups on a daily basis. Officials said the second ransomware infection locked up only the last eight hours of work, and the department fully recovered after the second attack.
“Everything was backed-up, but we lost about eight hours worth of information we have to re-enter,” City Manager Mark Carpenter told local media. “It was our police and fire records, so we just re-enter the reports.”
Cyber criminals infected the police department computer server via email-based infection vectors and demanded a ransom payment in bitcoin.
Riverside officials have not yet determined how this attack took place, and they planned to meet on May 15 with the city’s third-party information technology company.
Carpenter said, “We’re still trying to get to the bottom of how the attack was initiated and the recent virus attacked the city’s server Friday afternoon and erased about eight hours worth of data.”