Ransomware wipes evidence, lets suspected drug dealers walk free

Six alleged drug criminals will go free thanks to a ransomware attack on a small Florida city, it was revealed this month.

Stuart is a city in Florida with a population of around 16,500. It suffered an attack involving the Ryuk ransomware in April 2019 that took city servers offline. While reports said that city emergency services, including 911 calls, were unaffected, things were a little different behind the scenes. Detective Sergeant Mike Gerwan explained:

Because we didn’t have access to the internet we were sending police officers to calls blind.

The city refused to pay the $300,000 bitcoin ransom and instead kept its servers disconnected while it rebuilt them. At the time, city manager David Dyess said that the city’s data backups saved it from having to negotiate.

While Stuart might have saved some of its data, there were some casualties. Among them were case records that the Stuart police department was relying on for several prosecutions. It was unable to recover crucial evidence for narcotics cases involving 6 defendants facing a total of 28 charges.

The crimes included methamphetamine and cocaine possession, along with selling, manufacturing, and delivering narcotics. Another charge involved illegally using a two-way communication device, according to local station WPTV. Gerwan told reporters:

We lost approximately a year and a half of digital evidence. Photos, videos. Some of the cases have been dropped.

Gerwan said the attackers got into city systems via a spearphishing email and lurked undetected in the network for two months before launching the Ryuk attack:

We were totally crippled for the first month and a half. We all went home one day and the next day we came back to work and we were back in the year 1984. Back in 1984 if you wanted to look somebody up you had to find them in the phone book.

Electronic evidence destruction like this seems like a storyline straight out of a Breaking Bad script, but in this case, the ransomware criminals inadvertently did the defendants a favour. It’s a surprisingly common problem, according to Gerwan. He said:

I can’t recall when speaking to my federal partners, that there has been a case where data had not been lost.
