Hackers Hold Info Ransom, Steal Diplomatic Emails and Infect CCTV System

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Ransomware Causes Dallas Police to Lose 8 Years of Evidence

A police station in Dallas lost digital evidence, such as videos and photos, when it cleaned up from a ransomware attack after deciding not to pay.

The Cockrell Hill Police Department’s servers were infected Dec. 12 by a ransomware virus that demanded $4,000 in bitcoins. The department, after consulting with the FBI cyber crime unit, opted not to pay the ransom and wiped the servers, according to a department statement.

But some evidence was lost, which came up in court for the first time Jan. 25, according to a WFAA report.

The virus corrupted files dating back to 2009, including all Microsoft Office Suite files and body camera videos, as well as some in-car video, surveillance video and photos. Some material was backed up on hard copies, CDs and DVDs, but not all, and the department’s automatic backup simply backed up infected files.

The Chief of Police Stephen Barlag told WFAA none of the lost evidence was critical information, but defense attorney J. Collin Beggs said, “Well, that depends on what side of the jail cell you’re sitting.”

Czech Government Suspects Nation-State for Stolen Diplomatic Emails

A sophisticated, months-long breach of Czech diplomats’ email accounts indicate a state actor as the culprit, Czech Foreign Minister Lubomír Zaorálek announced Jan. 31.

Zaorálek’s email was compromised, as were other senior diplomats', and the stolen correspondence includes some conversations about the country’s NATO and European Union allies, according to The Guardian. The attacks happened repeatedly but were first detected in early January. Officials said no classified material was compromised.

Zaorálek compared the breach to the attacks on the U.S. Democratic Party leading up to the 2016 presidential election, but did not name any specific country as the potential aggressor.

Ransomware Infects DC Police Closed-Circuit Camera Network 

Eight days before President Donald Trump's inauguration, hackers infected a large number of storage devices that record data from D.C. police surveillance cameras, according to The Washington Post. 

Police cameras were unable to record Jan. 12-15 because of two forms of ransomware, according to city officials. The attack impacted "123 of 187 network video reorders in a closed-circuit TV system for public spaces across the city," The Post reported. 

No actual ransom was paid; the city decided to fix the problem by "taking the devices offline, removing all software and restarting the system at each site," The Post wrote.

The city's Chief Technology Officer Archana Vemulapalli said the hack is being investigated. No suspect has been named as of yet. 

Update: The Washington Post reported Feb. 2 that Britain’s National Crime Agency arrested a Swedish woman and English man, both 50 years old, after executing a search warrant. Both are currently out on bail.