On February 21, television station WPTV in West Palm Beach, Florida reported that because of a 2019 ransomware attack that locked Stuart (Florida) Police Department officers out of their computers, the local State Attorney’s Office found it necessary to dismiss 11 narcotics cases involving alleged drug dealers because of the loss of evidence.
According to a Stuart Police Department spokesman, the cyberattackers used a “spear phishing” attack to disseminate the Ryuk ransomware, which was in the Stuart Police computers for approximately two months before the attackers sent the Department a ransom note demanding $300,000 in Bitcoin. When the City of Stuart refused to pay the ransom, the Police Department was unable to recover 1 ½ years of digital evidence that included photographs and videos.
WPTV also reported that losing data (or evidence in the Stuart Police Department’s case) “is highly common when an agency is hit by hackers. In the words of the Stuart Police Department spokesman, “I can’t recall, in speaking to my federal partners, that there has been a case where data has not been lost.”
The report said that the Stuart Police Department “has changed the way they save and store evidence, and city officials are now aggressively training employees to identify phishing emails.”
Note: This report should be of substantial concern to law enforcement officers and prosecutors across the country. Any ransomware attacks directed at government agencies are cause for concern, but ransomware attacks like the Stuart attack that result in loss of evidence in criminal prosecutions represent a significant threat to the rule of law and the justice system.
Prosecutive, police, and law enforcement agencies cannot depend solely on cybersecurity software to safeguard the evidence they need for criminal prosecutions. As the Stuart Police ransomware attack demonstrated, even a single individual who negligently clicks on a malicious link can compromise an entire computer network. For that reason, if they are not already doing so, those agencies need to initiate procedures for frequent backups of potential evidence in their cases to offline repositories, and to be able, if necessary at trial, to prove to courts that those data have not been altered or damaged in any way. The cost of providing such offline storage will be far less than the cost of admitting publicly that viable prosecutions had to be dismissed because police and prosecutors failed to take simple measures to protect their evidence.