Police Computer System Hit With Randsomware Attack

SALISBURY – Officials with the Salisbury Police Department this week revealed a ransomware attack had compromised its computer network earlier this month.

In a briefing held on Wednesday, Capt. Rich Kaiser of the Salisbury Police Department (SPD) said the agency will be fully operational by the end of this week after a ransomware attack on Jan. 9 had impacted its computer system.

In layman’s terms, ransomware causes files in a network to be compromised, encrypted or locked. In most cases, the attacker requires a ransomware payment in exchange for a keycode to unlock the encrypted file.

“In our case, the attacker requested an undisclosed amount of U.S. currency in return for the keycode,” Kaiser said. “There were some negotiations that took place after the attack, but the negotiations quickly disintegrated.”

Kaiser explained the department did not lose any system data, crime data or file server data as documents were stored in intricate backup systems. However, some data remains inaccessible because of the encryption.

“We are working to recreate this data from the original sources we did have on hand,” he said. “There is no evidence of any of this data being stolen or downloaded.”

Kaiser noted attackers have attempted to compromise the department’s system four times in the past five years. Unlike the three prior attempts, in which the attacks were quickly identified and stopped before any damage was done, he said this month’s incident was “completely different.”

“This can be characterized as the worst computer network attack in SPD history,” he said. “It was completely different because the investigation revealed that the attacker made entry into our network through a software vendor that we have used for many, many years.”

Kaiser said the incident took place in the early morning hours of Jan. 9. When employees arrived at work, they were unable to check emails, recent reports or analyze crime data. He noted the attack included its CAD system, records management system, email network, network servers and supplemental network systems.

“We have learned there have been similar attacks like this throughout our country and unfortunately we are not the only victim to this attack,” he said. “The FBI has been working closely with us in the hopes of identifying and apprehending the person or persons who are responsible for our attack as well as the recent attacks throughout our country.”

Kaiser said the department also worked closely with the Wicomico County Sheriff’s Office and the Fruitland Police Department to run any necessary computer database checks for officers who were in the field at the time.

“These database checks include routine registration checks and wanted person checks through state and federal databases,” he said. “These particular databases were not compromised. We simply took them offline to eliminate any further corruption with the network.”

Kaiser said the department called the FBI for assistance when it determined a ransomware attack had occurred. He noted critical systems were up and running by Jan. 11 and all supplemental systems were back online by Jan. 14.

“What is important to realize here is our ability to receive and or respond to calls for service during that time period were not hampered whatsoever,” he said. “We simply shifted back to a paper reporting system for a short period of time.”

While officials expect the department to be fully operational by the end of the week, Kaiser asked for the community’s patience.

“Just to be clear, our data was encrypted and locked,” he reiterated. “There is absolutely no evidence of police department data being stolen or downloaded during this attack.”

About The Author: Bethany Hooper

Alternative Text

Bethany Hooper has been with The Dispatch since 2016. She currently covers various general stories. Hooper graduated from Stephen Decatur High School in 2012 and the University of Maryland in 2016, where she completed double majors in journalism and economics.