The Hidalgo County Sheriff’s office in Texas was struck by a ransomware attack in 2017 but records of it are non-existent following a loss of data.
During a recent trial following the attack, HCSO investigator Marco Antonio Mandujano’s testimony proved the exception to the lack of details behind a ransomware attack targeting a cellphone.
According to newswire TNS, the investigator lost the data obtained from an early 2017 data dump of a sexual assault victim’s cellphone after the device caught a “virus,” details from his testimony revealed. The investigator was the lead in the sexual assault case, to which he testified that the virus “was asking for [a] ransom.”
The ransomware attack occurred on the Sherriff’s office’s east substation in Weslaco. It was one of only two HSCO computers connected to the internet.
“The data on the phone dump was wiped out because we are connected to the Internet, and somehow the computer program — Well, actually, the computer itself got a virus … and we couldn’t get into it,” the transcript of his testimony from court reads. “… It was asking for ransom — the computer virus. So there was no way to get into it … The whole computer memory was erased — the hard drive.”
However, the sheriff’s office has no records of the attack because neither the investigator nor the staffed IT technician supported any reports of the data loss.
The dump is said to contain messages between the victim of the crime and two witnesses to the attack. The investigator has testified that, in his opinion, the data obtained from the dump was no use to the investigation.
However, the incident underlines the mandated policy wherein the HSCO requires investigators to automatically backup data onto an offline storage medium – like a disc.
As for the ransomware, the IT technician – no longer employed by the HSCO – had to restore the impacted computer to its last backup which did not include the data dump of the cellphone.