Statements made in online message boards seem to suggest that the hackers stole potentially sensitive data which included "information related to both past and ongoing [police] cases," said Brett Callow, threat analyst with Emsisoft. The Sheriff's Office could not be reached for comment.
County spokesperson Cathy Lloyd said that she had been made aware of the ransomware incident over the weekend, but could not provide any further information. County officials have so far not confirmed that data was stolen, nor commented on the nature of the ransom.
The cybercriminals responsible for the incident are apparently affiliated with REvil ransomware and have threatened to start releasing the agency's data within seven days if their financial demands are not met. REvil is the same strain of malware that struck over 20 different Texas communities simultaneously last summer.
The attack on Cooke County is only the most recent incident in a rising trend, as hackers have increasingly used malware not just to encrypt but also to steal government data.
"Cooke County is at least the fifth U.S. municipality to have had data stolen by a ransomware group and the fourth to have the stolen data published — one paid to prevent publishing. There may be others that we do not know about," said Callow.
Most recently, ransomware victim Knoxville, Tenn., saw some of its data published online, as hackers sought to coerce officials into meeting ransom demands. Kristin Farley, Knoxville's director of communications, said in an email that her city continues to monitor the situation.
"The data is being published on a site created by the threat actor to shame victims who choose not to pay the ransom and as additional leverage to seek payment of the ransom," reads a statement provided by Farley. "We are working diligently, with the assistance of our third-party computer forensic specialists, to review the data published by the threat actor and confirm the full extent of data that is impacted."
While successful ransomware attacks on government agencies declined slightly during the beginning of the stateside COVID-19 pandemic, those numbers appear to be climbing again.
As the attacks have continued, public officials have continually agreed to pay criminals for their data, thus validating the business model. A good example is the University of California, San Francisco, which recently agreed to pay hackers $1.14 million in exchange for data stolen in May.
"If organizations would follow the advice of law enforcement agencies and stop paying ransoms, ransomware would become a thing of the past," said Callow, adding that if governments continue to pay, "the outcome will be a vicious circle in which the criminals become ever better resourced and able to invest in ramping up the scale and sophistication of their operations."