Secret Service probes Riverside police virus: 3 recent ransomware cases

Riverside is the latest government facing an apparent ransomware attack.

For years, the FBI has warned that the use of ransomware — malicious software that threatens to block access to data or to publish it unless the infected organization pays a ransom — is a fast-growing criminal enterprise.

MORE: Secret Service investigating Riverside computer attack

Organizations often don’t learn they have been infected until they can’t access their data or until computer messages appear demanding a ransom payment in exchange for a decryption key, according to the FBI’s website.

Here’s a look at the current attack and other recent cyber assaults.


U.S. Secret Service agents are investigating the attacks on Riverside’s police and fire servers, according to state and federal officials familiar with the matter.

The city is the victim of at least two attacks on its servers , one of which made about 10 months of files inaccessible to staff, City Manager Mark Carpenter said.

Carpenter said the term “ransomware” was used to describe the attacks. The term implies that a third-party held, or is holding, the city’s data hostage in exchange for a ransom, often paid in bitcoin or other cryptocurrency

PHOTOS: Luxury home built by Charles Kettering for sale

The Secret Service is tasked with defending U.S. financial institutions from cyber attacks. Because of the agency’s experience, the Secret Service often assists other entities facing similar attacks.

“As a matter of policy, the Secret Service does not discuss active criminal investigations,” said Kevin Dye, resident agent-in-charge for the U.S. Secret Service in Dayton.

Riverside officials have not determined what exactly happened during the attacks , Carpenter said. City officials plan to meet May 15 with the city's third-party information technology company to discuss the problem.


Atlanta’s municipal government faced a ransomware attack in March. An attacker demanded a $50,000 ransom to restore the city’s systems.

City officials urged employees to check their bank accounts to make sure their financial information had not been accessed and said that anyone who had conducted transactions with the city could be at risk.

The city ended up shelling out nearly $2.7 million on eight emergency contracts in an attempt to fix the problem.

Three federal agencies — the FBI, the Department of Homeland Security and Secret Service — assisted Atlanta during its attack.


The Mad River Twp. Fire and EMS station is without years of data after its server was breached and encrypted with ransomware.

Chief Elmer Beard said the virus was found in August and the department has tried to work out solutions to get the information unencrypted. The hackers demanded payment for the information in Bitcoin, which translates to thousands of dollars he said.

“This data does contain personal identifiable information,” Beard said in a press release.

The data impacted is from information collected by officials when residents used EMS or fire services, Beard said.

It does not appear information was stolen, he said, instead the hackers encrypted the data so no one can read it. The department elected not to pay the ransom because they were unsure if they would actually get the information back, Beard said.

Read more coverage:

» The rise and fall of Elder-Beerman: A timeline of Dayton’s dying store

» Jim Renacci wins GOP primary, will face Sherrod Brown this fall

» Pike County murders: 8 deaths, 2 years, no answers

» Wright State University graduate wins U.S. Congressional primary

The Atlanta-Journal Constitution and WSB-TV contributed reporting from Atlanta.

About the Authors