UPDATE: Secret Service investigating Riverside computer attack

Credit: DaytonDailyNews

caption arrowCaption
Secret Service investigating Riverside computer attack

Credit: DaytonDailyNews

UPDATE @ 6:40 p.m.

U.S. Secret Service agents are investigating the attack on Riverside’s computer server, according to state and federal officials familiar with the matter.

The Secret Service is tasked with defending U.S. financial institutions from cyber attacks. Because of the agency's experience, the Secret Service often assists other entities facing similar attacks.

“As a matter of policy, the Secret Service does not discuss active criminal investigations,” said Kevin Dye, resident agent-in-charge for the U.S. Secret Service in Dayton.

A spokeswoman for Auditor Dave Yost referred all questions about the investigation to the Secret Service.

PHOTOS: Luxury home built by Charles Kettering for sale


Another computer virus hit the city of Riverside’s police and fire servers last week and erased certain files, the city manager said today.

The attack — the second to hit the city in several weeks — was less damaging than a still-unsolved attack last month that rendered about 10 months of police records inaccessible to police officials, City Manager Mark Carpenter said.

Riverside officials have not determined what exactly happened during the attacks, Carpenter said. City officials plan to meet May 15 with the city’s third-party information technology company to discuss the problem.

“We’re still trying to get to the bottom of how the attack was initiated,” Carpenter said.

Carpenter said the term “ransomware” was used to describe the attack. The term implies that a third-party held, or is holding, the city’s data hostage in exchange for a ransom, often paid in bitcoin or other cryptocurrency. But Carpenter said the city has not paid such a ransom, and he wasn’t aware if such a ransom was demanded.

The recent virus attacked the city’s server Friday afternoon and erased about eight hours worth of data, Carpenter said.

“Everything was backed-up, but we lost about eight hours worth of information we have to re-enter,” he said. “It was our police and fire records, so we just re-enter the reports.”

Carpenter said the attacks have not hindered criminal investigations or prosecutions, because many of the documents made inaccessible in the first attack “are copied and are with the court system, so there are hard copies out there.”

Police and fire reports often contain a host of personal data about individuals — victims, suspects, witnesses and police officers themselves. Reports can include Social Security numbers, birth dates, addresses, insurance policy numbers, medical information and other data. Some data are routinely available to the public, but other data are withheld under public records law exemptions.

The city has not said if any confidential investigatory data are compromised by the attack, but Carpenter said, “people’s personal information, as we understand it, has not been disseminated to any hackers.”

MORE: Wright State University graduate wins U.S. Congressional primary

Riverside faces these computer problems as cities and organizations across the U.S. and globe, including the city of Atlanta, have faced crippling computer viruses costing millions of dollars in repairs and untold hours of labor.

In Clark County, Mad River Twp. Fire and EMS data were hacked and encrypted with ransomware in December.

Atlanta's municipal government faced a ransomware attack in March. An attacker demanded a $50,000 ransom to restore the city's systems. The city ended up shelling out nearly $2.7 million on eight emergency contracts in an attempt to fix the problem.

Three federal agencies — the FBI, the Department of Homeland Security and Secret Service — assisted Atlanta during its attack.

Carpenter said he didn’t think Riverside has asked for similar help. He said Ohio Auditor Dave Yost’s office provided some assistance, but did not specify how the state office helped. Yost’s office did not immediately respond to a request for comment.

For years, the FBI has warned that the use of ransomware — malicious software that threatens to block access to data or to publish it unless the infected organization pays a ransom — is a fast-growing criminal enterprise.

Organizations often don’t learn they have been infected until they can’t access their data or until computer messages appear demanding a ransom payment in exchange for a decryption key, according to the FBI’s website.

Read more coverage:

» The rise and fall of Elder-Beerman: A timeline of Dayton’s dying store

» Jim Renacci wins GOP primary, will face Sherrod Brown this fall

» Pike County murders: 8 deaths, 2 years, no answers

» See inside the mansion built by Charles F. Kettering

The Atlanta-Journal Constitution and WSB-TV contributed reporting from Atlanta.

About the Author