Ransomware equipped with encryption capabilities has been victimizing police departments rather indiscriminately nowadays.
Although paying ransom to hackers is not recommended because it encourages cybercriminals to continue adopting these measures to obtain money via blackmailing but in order to avoid losing data that has been encrypted through malware activity is next to impossible.
The only remedy is to create regular backups but apparently Tewksbury Police Department couldn’t maintain the backup and therefore, when ransomware penetrated its systems, the entire system became useless.
In December 2014, the town of Tewksbury learned it the hard way when the police had to pay ransom to retrieve the data encryption key from the hackers.
The hackers then asked for €460/$500 in bitcoins and they received the fee they demanded. Through the hidden Command and Control (C&C) services of TOR and by asking for the ransom in digital currency that’s hard to track, the hackers ensures safe profit for themselves.
Evidently, one of the officers fall prey to phishing, which is amongst the most commonly adopted tricks in the online scam methodologies, and opened an infected email attachment that ultimately got the crypto-malware installed on the computer system.
Soon after installation, routines of malware were deployed that led to encryption of the biggest data server used by the police.
It is reported that the threat is a variant of Cryptolocker but it also can be from any of the families that over the past year had been detected, that is, TorrentLocker, CryptoWall and TeslaCrypt. All of these include powerful, public-key encryption that depends on a public key for encryption but a private key for decryption.
An example of browser locking for Ransomware.
Due to the infection, all the essential data such as arrest logs, motor vehicle matters, service calls and all sorts of records that the police required to conduct their day-to-day professional activities were locked.
This jamming of data could have been avoided it the police department had maintained an up-to-date data backup and had relied upon a fool-proof backup plan. Conversely, the police ignored this requirement and did not create updated backup copies nor did they store data at a location that was isolated from the regular network. The latest copies of recoverable files were created almost 18 months before the incident occurred.
According to police chief, Timothy Sheehan, “nothing was lost,” informing the state of stored data on police computers. Nonetheless, once again the services of cybercriminals were required to teach law enforcement a lesson that the cyber security community has been preaching ever since crypto-malware emerged.
This is not the first time when a police department in the United States has to pay ransomware in order to get hold of their own documents. Last month Midlothian Village, Illinois, Police Department became the target of ransomware having file-encryption capabilities and hence, the department had to give in to the demands of the hackers for retrieving sensitive police records.
