Atlanta Loses ‘Years’ Of Police Video Evidence In Ransomware Attack

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

The incident paralysed city services for weeks, and police have only now mostly recovered

Atlanta’s police department has permanently lost “years” of video evidence, following a devastating ransomware attack in March.

Police chief Erika Shields said in an interview with local media that the footage, mostly dashcam videos, could not be recovered.

The loss could compromise some cases if an officer’s testimony isn’t sufficient, according to Shields.

But she said that while dashcam footage is “a useful tool” for police, it “doesn’t make the cases for us”.

data encryptionEvidence lost

Other sources of police video evidence, such as police bodycam footage, were not compromised, Shields said.

The lost evidence is one of the effects of a ransomware attack disclosed on 22 March, which paralysed many city public services, including municipal courts, for weeks.

The city said in mid-May that most services had been restored, and Shields said that only now had police services mostly recovered from the incident.

At a public meeting last week a police investigator said more than 100,000 files on his computer had been encrypted by the ransomware.

But Shields said essential files such as criminal case files were not affected, having been backed up on the city’s servers.

At a public hearing the city disclosed it has allocated an additional $9.5m (£7.1m) to finance recovery efforts, saying the attack was more severe than was first thought.

‘Mission critical’ services hacked

More than 140 applications were completely or partially disabled by the attack, said Daphne Rackley, head of Atlanta’s IT department. About 30 percent of the affected programs were “mission critical” services used by police or courts.

The attackers behind the SamSam malware initially asked for about $51,000 in Bitcoin, but quickly took their contact portal offline after its web address was disclosed by local media.

The city did not pay the ransom, and it isn’t clear whether a payment was attempted.

Law enforcement authorities such as the FBI do not recommend paying such ransoms, as there is no guarantee services will be restored.

Payment can also make the organisation a target for future attacks, authorities say.

The National Cyber Security Centre (NCSC) recently warned that the risk from ransowmare continues to grow, saying firms are in danger if they adopt only basic security measures.

Do you know all about security? Try our quiz!