A cybervirus infected the Warwick Police Department’s system on April 16, leading to a complete computer shutdown for about 14 hours, Chief Stephen McCartney explained during a recent phone interview.
By the afternoon of April 23, most of the data lost in the Cryptolock attack had been recovered, and the department is taking steps to prepare for potential future incidents, McCartney added.
“We figure we’ll have everything back together by the end of the week,” said McCartney.
The problem started on April 16 at about 5:45 p.m., when a local officer found that he could not access the department’s Records Management System. According to McCartney, the officer contacted the Administrative Services Division, which then called in Apex Technology, the city’s new Management Information Services [MIS] contractor, to investigate the problem.
Mayor Scott Avedisian said he received an email about the problem later Wednesday, leading to the response from Apex.
“They dispatched a team to deal with it right away — they had to cleanse it all, and because we do backups on a regular basis, we were able to reload [the lost data],” the mayor explained during an interview at City Hall on Tuesday.
Shutting down the entire system was “a pretty drastic thing to do, but it was the right thing to do,” McCartney explained.
From that point until 8 a.m. the next morning, McCartney said, “we did everything on paper — we just got paper and pencil out, and we wrote it down like the good old days.”
Once the computer system was running again, McCartney said the impact of the attack became clear.
“We thought we’d only lose two days of data, since we backup the system every 48 hours — we actually lost 10 days’ worth of data,” the chief explained. “[But] we had it archived, and we’re in the process of resurrecting it now.”
The department will change its backup schedule to 24 hours instead of 48, which McCartney said should further limit future data loss.
“There’s nothing you can do 100 percent to protect yourself, but you can take steps to reduce the damage,” he noted.
McCartney also noted the timing of the attack — just a day after he’d attended a Rhode Island State Police seminar on cyber attacks directed at law enforcement agencies, like Cryptolock, and shortly after the RISP Cyber Disruption Unit had inspected the local system.
“It’s been hitting a lot of agencies around the country,” McCartney explained of Cryptolock, a virus that infects an email attachment and attacks a department’s system to lock out users.
The virus sometimes includes a ransom note that demands payment before the system can be unlocked, though that wasn’t part of the local attack, McCartney said.
“Considering the potential, this could have been far worse,” he explained.
This is a test