Police department forced to pay ransom for hacked department’s data


Last December, cyberterrorists hacked into servers belonging to the Tewksbury Police Department, encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files. The attack is known as the CryptoLocker ransomware virus, and it points to a new frontier in cyberterrorism.

According to Homeland Security News Wire, police systems in Tewksbury were down for about five days as the FBI, DHS, Massachusetts State Police, and two private sector firms worked to restore the department’s data before paying the ransom.

According to the DHS Computer Emergency Readiness Team (US-CERT), CryptoLocker is a malware campaign which surfaced in 2013. It is a new variant of ransomware that restricts access to infected computers until victims provide payment to the hackers. Primary means of infection are generally phishing e-mails with malicious attachments, fake FedEx and UPS tracking notifications, and pop-up ads. Hackers usually refrain from stealing the encrypted information, so the attacks are different from breaches which have plagued U.S. banks and retail companies holding consumer information.

The Tewksbury Town Crier reports that CryptoLocker has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, and all other drives and files connected to the affected computer or server.

Tewksbury’s police computers became infected on 7 December and the department became aware of the malware on 8 December. Once officers tried to access their stored data the day following the infection, they received a demand for a $500 bitcoin ransom sent to an untraceable Web address and account.

CryptoLocker, authorities did not have a key to undo the attack.

In Tewksbury’s case, back-up files stored on an external hard drive were also corrupted, and the most recent non-corrupted files were 18 months old, not enough to rebuild missing information from paper reports.

Tewksbury has hired Delphi Technology Solutions to help diminish the town’s vulnerability to future threats and system-wide hacks. Stroz Friedberg, a digital forensics and security firm, helped Tewksbury in the bitcoin transaction, refusing to take a fee because the experience would become valuable when serving the private sector.