Tewksbury police pay Bitcoin ransom to hackers
Cops don’t usually give in to the demands of criminals. But in December, when vital records of the Tewksbury Police Department were held for ransom, the department had no choice but to pay up.
The cops were victims of “ransomware,” an insidious form of Internet malware that secretly encrypts the files on a victim’s computer. Criminals then demand money in exchange for the key that will unscramble the files. If the victim refuses to pay, his data is lost forever.
The attack on the Tewksbury Police Department, first reported on Saturday by the Tewksbury Town Crier, took place on December 7. A single computer on the department network was infected with a ransomware program called CryptoLocker, which infects unsuspecting victims via e-mail.
A department employee apparently launched CryptoLocker by opening an infected attachment or download, or by clicking an innocent-looking link in an e-mail message. Once it was launched, CryptoLocker began scrambling the data on the infected computer, and on any other connected machines. The infected computer had access to all the department’s vital records, and so all the files were encrypted, making them unreadable.
CryptoLocker then displayed a message warning that the department’s files would remain scrambled unless it paid $500 into an online account. The ransom had to be paid in bitcoin, a digital currency that is popular with criminals because it’s more difficult to trace than traditional money.
Tewksbury might have avoided paying by using uncorrupted backups of their files. But the backups also had been corrupted, and the most recent untainted files were 18 months old. So the department was forced to pay.
It’s far from the first time that police departments have been victimized by ransomware. The Swansea, Mass., Police Department fell victim to the scam in November of 2013, and paid $750 to get its files back. Cops in the Chicago suburb of Midlothian were forced to pay $500 in January. It’s also happened to police departments in Durham, N.H., and Collinsville, Alabama, but those departments refused to pay and reconstructed their databases from backups.
Computer security analyst Brian Krebs, author of the book “Spam Nation,” said many ransomware attacks go unreported, unless the victim is a government agency. “They’re dealing with public funds,” said Krebs. “They can’t hide the fact that they paid the ransom.”
Krebs said the attackers probably aren’t deliberately attacking police departments. “The CryptoLocker stuff is not normally targeted. They just spam it out to the whole world,” he said. But Krebs said that criminals may begin attacking specific businesses or government agencies that might be willing to pay larger sums to rescue their data. “You get inside of a pharmaceutical company or something like that, that has all their net worth tied up in their files, they’d be willing to pay a lot more,” he said.
Via: https://www.bostonglobe.com/business/2015/04/06/tewksbury-police-pay-bitcoin-ransom-hackers/PkcE1GBTOfU52p31F9FM5L/story.html