San Bernardino County Sheriff's Department yet to recover from weeks-old malware attack

The Sheriff’s Department of San Bernardino County in the US state of California suffered a malware attack that forced it to temporarily shut down most of its systems.

Mara Rodriguez, the public information officer at the Sheriff’s Department, said that the network intrusion, first identified on April 7, disrupted the daily operations of the Sheriff’s Department and forced it to temporarily take its systems offline to mitigate the impact of the attack.

While the security incident was initially reported as a cyber attack, the Sheriff’s Department later confirmed that it involved threat actors injecting malware into the department’s network. Rodriguez however, did not comment on whether the department suffered a ransomware attack.

“The County is conducting a forensics investigation to achieve a complete understanding of any impacts to the system. At this time, we have no further information available and continue to investigate,” Rodriguez said.

Almost a month after the cyber attack took place, the department is yet to restore normal operations. As per local news reports, while the department was able to recover its data, it has kept its systems offline, including email, internet, and many computers in vehicles. Officers are using radios to run license plates and run background checks on suspects.

“Public safety operations have not been affected. Deputies are able to run backgrounds on people and are still getting dispatched to calls. The county is conducting a forensics investigation to achieve a complete understanding of any impact to our operations before we fully use the system,” the department said in a statement.

In March this year, the Washington County Sheriff’s Office in northeastern Florida also suffered a cyber attack that affected its finance system and jail networks. While internal communications weren’t affected, the department took its official app offline from February 21 until early March.

“We believe the attack originated in Russia. We aren’t absolutely sure but we believe it to be. We are grateful our communication lines never went down. We never lost our phone lines and were able to continue to serve our community in that arena,” Sheriff Kevin Crews said.

The notorious LockBit ransomware gang claimed responsibility for the cyber attack on the Washington County Sheriff’s Office and on February 27, listed the office as a victim on its data leak site. The gang threatened to publish all stolen data from the Sheriff’s Office by March 20 unless its ransom demands were met. It is not clear whether a ransom was ultimately paid.