A May 30, 2023, San Bernardino County Sheriff's Department interoffice memo detailing a ransomware attack the department suffered the month before. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
Original Title
2024-05-30 San Bernardino County Sheriff's Department ransomware attack interoffice memo
A May 30, 2023, San Bernardino County Sheriff's Department interoffice memo detailing a ransomware attack the department suffered the month before. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
A May 30, 2023, San Bernardino County Sheriff's Department interoffice memo detailing a ransomware attack the department suffered the month before. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
SAN BERNARDINO
COUNTY __ Interoffice Memo
DATE: May 30, 2023 PHONE: 909-387-3755
FROM: THE OFFICE OF THE SHERIFF4¥\\\+)
TO: ALL SHERIFF'S PERSONNEL
SUBJECT | RANSOMWARE ATTACK
Progress continues as we work to restore other systems and applications, some of which are more challenging
than others. Efforts to decrypt and recover data that was encrypted during the attack continue. Unfortunately,
it appears that a portion of our stored data may not be recoverable. With the complexity of our old system's
hundreds of servers, it's unclear at this stage which types of data may be affected and all the applications that
will be impacted. An outside vendor specializing in data recovery has been obtained, and TSD is working with
them daily to recover our data in our legacy systems. However, all files contained in our share drives remain
intact, and access has already been restored to a handful of stations and divisions, with more to follow soon.
The version of the Inform report management system (RMS) we were using previously is no longer available,
and the new version has compatibility issues that will make it ult to view on an MDC. Since a new RMS.
was already being explored before the attack, it may make better sense to focus on implementing a new
product instead of switching to the latest version of Inform. Two weeks ago, a vendor demonstrated a
potential replacement system. Several representatives attended the presentation, including TSD, Records,
Dispatch, Patrol, and the DA's office. Last week, a similar delegation visited that vendor's headquarters in
Louisiana to assess their product further and interact with their current users. While a decision hasn't been
finalized, the feedback received thus far has been very positive and encouraging,
Our federal law enforcement partners are currently leading the ongoing criminal investigation into the
\ividuals responsible for the attack, working in collaboration with our department and other law
enforcement agencies. Although we are still uncertain about the extent of any potential data compromise, or
extraction of data from our system, efforts are focused on uncovering these details to the extent possible. In
other instances where government entities have fallen victim to ransomware attacks, the perpetrators have
deliberately leaked employee data on the dark web to increase their chances of receiving a ransom payment.
In contrast, it appears the group behind our attack has not previously released data when successful
negotiations for a ransom payment were made.
Your personal information is of the utmost importance to us. Since the beginning of the attack, a professional
company and our federal partners have been monitoring the dark web for any indications of a data leak. There
have been no signs of a data leak at this point. Nonetheless, as a precautionary measure, it may be advisable
to consider utilizing a credit monitoring solution if you are not already doing so. We are working with HumanResources and the Insurance provider to determine if any additional identity protection programs may be
provided to our employees. The Sheriff will update and address any concerns at our next department-wide
meeting.
Lastly, while we all rely on technology to make our jobs more accessible and efficient, it has been extremely
gratifying to see the response from all of you when access to all those systems was lost instantly. We are
proud of each one of you for keeping your heads up high and being patient while your jobs have invariably
become more challenging, all while continuing to provide the high levels of service the public expects from us.
‘While we are looking at a months-long recovery period, with many challenges ahead of us, we will eventually
be in a far better place in many aspects. Thank you all for your hard work and dedication.
Page 2 of 2