Police Dept Duped by 'CryptoLocker' Ransomware Scam

By Dennis Faas

Against the advice of security experts, a police department has paid a $750 ransom to cybercriminals who encrypted files on its network in a 'ransomware' attack.

The Swansea Police Department in Massachusetts was hit by a piece of ransomware known as 'CryptoLocker'. It's not yet known how the malware got onto the police department's system, though the most likely explanation is that somebody opened an email attachment laced with it.

Many previous CryptoLocker infections have come through bogus emails claiming to carry a delivery note from a courier company.

The good news was that the virus didn't affect computers used for processing police reports and taking photographs of people who've been arrested. It also doesn't appear the virus creators were able to read any police data.

Word Documents Scrambled By CryptoLocker

However, it did cause two problems on the rest of the department's network. For one, some image and Microsoft Word files were encrypted, meaning they could no longer be opened and read by police.

Other files had their extensions changed, meaning that Windows no longer "knew" which applications to open them in.
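The two symptoms above (files that keep their names but no longer open, and files whose extensions were changed) are exactly what an incident responder needs to enumerate before deciding whether a backup restore covers the damage. The following is an added example, not code from the article or from the Swansea department: it walks a directory and flags any file whose leading bytes do not match what its extension promises, and, for files with an unknown or altered extension, falls back on byte entropy, since ciphertext looks random. The magic-byte table, the 7.5 bits/byte threshold, the sample file names and their contents are all constructed for the demonstration.

```python
"""Triage scan: which files under a directory no longer look like their type?"""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes a file with this extension should start with (constructed table,
# not exhaustive). Office 2007+ formats such as .docx are ZIP containers, so
# they begin with the ZIP local-file-header signature "PK\x03\x04".
MAGIC = {
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),   # OLE2 compound document
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF",),
}

# Random-looking ciphertext has close to 8 bits of entropy per byte. Compressed
# formats (JPEG, PNG, DOCX bodies) are also high-entropy, which is why the
# header check, not entropy alone, decides for known extensions.
ENTROPY_THRESHOLD = 7.5   # assumed cut-off, chosen for this example
HEAD_BYTES = 4096


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path) -> str:
    """Classify one file as 'ok', 'header-mismatch', 'high-entropy' or 'unknown-type'."""
    with open(path, "rb") as fh:
        head = fh.read(HEAD_BYTES)
    expected = MAGIC.get(path.suffix.lower())
    if expected is None:
        # Extension was changed or is not in the table: only entropy is available.
        return "high-entropy" if shannon_entropy(head) > ENTROPY_THRESHOLD else "unknown-type"
    return "ok" if head.startswith(expected) else "header-mismatch"


def scan(root: Path) -> dict[str, list[str]]:
    """Walk `root` and bucket every regular file by classification."""
    report: dict[str, list[str]] = {
        k: [] for k in ("ok", "header-mismatch", "high-entropy", "unknown-type")
    }
    for p in sorted(root.rglob("*")):
        if p.is_file():
            report[classify(p)].append(p.name)
    return report


def demo() -> dict[str, list[str]]:
    """Build a constructed directory that mimics the symptoms, then scan it."""
    rng = random.Random(42)                       # deterministic stand-in for ciphertext
    ciphertext = rng.randbytes(HEAD_BYTES)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Intact files: correct headers for their extensions.
        (root / "photo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + bytes(64))
        (root / "report.docx").write_bytes(b"PK\x03\x04" + bytes(64))
        (root / "notes.txt").write_text("shift roster for Tuesday\n")
        # Encrypted in place: name kept, contents replaced by ciphertext.
        (root / "invoice.docx").write_bytes(ciphertext)
        (root / "booking.jpg").write_bytes(ciphertext)
        # Encrypted and renamed: Windows no longer knows what should open it.
        (root / "mugshot.jpg.enc").write_bytes(ciphertext)
        return scan(root)


if __name__ == "__main__":
    for bucket, names in demo().items():
        print(f"{bucket:16} {', '.join(names) or '-'}")
```

Run against a real share, the "header-mismatch" and "high-entropy" buckets are the list of files to restore from backup; "unknown-type" is the residue an analyst still has to look at by hand, because legitimate archives and compressed media with unusual extensions will land there too.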

The affected computers displayed a message with a countdown timer warning that when the time expired the decryption key would be destroyed and the files lost for good. It said the only way to avoid this would be to pay a fee for that "decryption key": the private key that only the attackers held, and without which the encrypted files cannot be read.

Staff at the department decided to pay up rather than risk having that happen.

The scammers refused to take payment by traditional means and insisted on being paid in Bitcoin, a virtual currency that allows direct payments between two people or organizations without the need for a financial intermediary (such as PayPal or a bank). (Source: heraldnews.com)

Bitcoin Payment Cannot Be Tied to a Person

Unfortunately for the Swansea Police Department, a Bitcoin payment tells you almost nothing about who received it. The transaction itself is recorded on Bitcoin's public ledger, but the only thing the department holds is the receiving address, a pseudonymous string that carries no details about the physical location or identity of the person(s) who control it, so there is no direct way to find out who was responsible for the CryptoLocker scam.

Security analysts have warned that it's best to avoid making payments when facing a ransomware scam. In many cases the threat to delete files is a bluff, while in others paying the money doesn't get you the promised decryption key. The reliable way out is to restore the affected files from a backup that was kept offline or otherwise out of the malware's reach. (Source: us-cert.gov)

The incident has also caused embarrassment for Swansea police. Both online and in "real world" situations, law enforcement agencies consistently advise victims to never pay ransoms, as such payments only encourage future attacks.
