Ransomware: Lessons Learned From Attack on Texas Police

The ransomware infection of Cockrell Hill Police Department’s (CHPD) servers in Texas on December 12, 2016, revealed cyber vulnerabilities that can be mitigated. The hacker behind the attack demanded $4,000 in bitcoins to decrypt CHPD’s files. After consulting with the FBI Cyber Crime Unit, CHPD decided not to pay the ransom and wiped its server to remove the virus. The wipe caused the loss of some body camera, dash camera, and surveillance videos, as well as photos that were not properly backed up.

Ransomware attacks will continue to evolve and become more sophisticated. As a result, public and private organizations should become familiar with tactics used in ransomware attacks and implement appropriate mitigation measures to reduce the likelihood or impacts of this threat, including:

  • Maintain robust data backup and data recovery. Organizations should schedule routine data backups and tests, ensuring data is stored offline in a secure, remote location.

  • Conduct frequent training and exercises with all employees. This will ensure they have a common understanding of safe-browsing techniques, as well as how to identify and avoid phishing attempts.

  • Instruct employees to disconnect hardwired network cables or disable WiFi as soon as a ransomware infection is suspected. This will prevent the infection from spreading to other computers and storage drives on the network. Organizations should also instruct employees to turn off the power or remove the power supply cable to the infected system.

  • Confirm system protection software is installed, up-to-date, and enabled on every system and device on the network. This includes installing antivirus software, enabling automatic patches for operating systems, web browsers, plugins, and other applications, and properly configuring and activating the firewall. Organizations should also consider implementing an email gateway, which monitors incoming emails for unwanted content and prevents phishing and spam emails from being delivered to end users.

For more information, visit the New Jersey Cybersecurity and Communications Integration Cell’s webpage on ransomware.

For additional information, please contact NJOHSP’s Preparedness Bureau at preparedness@njohsp.gov.