Ransomware Hackers Hit Maine Police Central Server

By John Lister

Four police departments in Maine have paid $300 to cybercriminals after being hit by so-called "ransomware". Officials say they weighed up their response and decided they had no real choice but to pay up.

Ransomware is a form of malicious software which restricts access to certain parts of a computer it infects. Victims then see on-screen messages stating that a ransom must be paid to regain access.

In most cases, cybersecurity experts warn against paying such ransoms for three reasons. Firstly, it may mean getting added to a "suckers list" that can be sold on to other criminals who find it valuable to know which people are more vulnerable to repeat scams.

Secondly, the criminals may not live up to the promise of unlocking the files and instead demand further payments. Thirdly, if the victim hands over financial details as part of the payment, the criminals may try to steal even more money or sell the details on.

Hackers Likely Didn't View Files

In this case, the ransomware affected a shared server that linked together four police departments and a sheriff's office. The good news is that it doesn't appear the hackers were able to access any of the data, and instead simply hit it with extremely tough encryption that made the files unreadable. (Source: theregister.co.uk)

The police department fell victim to the attack and wound up having to pay the ransom thanks to the combination of two failures. The ransomware appears to have got onto the system after somebody opened a rogue email and clicked on a link that automatically installed the software. Officials say they'll step up efforts to educate staff about good online security habits.

Police Backup Failure Created Dilemma

The second failure was with a system that is supposed to back up the data. Had that been working, the police could have simply wiped the affected drive and replaced it from the backup.

Instead they concluded they would have to pay up as the data was too valuable to lose. The ransom, paid in the virtual currency Bitcoin, was the equivalent of US$318. Officials were only able to trace the recipient to a Swiss bank account. (Source: boothbayregister.com)

This isn't the first time a police department has paid a ransomware demand. In November 2013, the Swansea Police Department in Massachusetts was hit by CryptoLocker and paid $750 to secure the release of their encrypted files.

What's Your Opinion?

Were the police right to pay the ransom? Does it set a bad example for ordinary citizens hit with such a scam? Is it worrying that the police didn't have an adequate backup of important data?


Comments

Dennis Faas

Obviously this wasn't a targeted attack, otherwise the police would have paid a much higher price. Had the supposed "hackers" been watching to see who and what was being infected, the police would have likely had to pay in the thousands of dollars to release their encrypted files.

Hindsight is 20/20 and proper backups are worth their weight in gold.

femakahuna

Does this software really prevent this type of attack? Are there any problems with using it? I know you can't fix stupid and good backups are a must.

hybridauth_Google_111273332135951939051

You can do manually what CP does. The owner used to tell you the areas where the rules were being set and you could set them yourself through group or local policy rules. The problem is, the hackers are smart enough to not just use simple .exe files in areas that don't normally have .exe files starting up; they've started using uncommon file types to start the process. It used to be you set policy restrictions in C:\Users\username\AppData\Local\ (don't let .exe's start in this area) and were basically good to go. Like the saying goes, "the only thing that remains the same is the fact that nothing remains the same." Every time the hackers devise a new way and new area to execute their code, nothing can stop them until the new way is seen and noted; then measures can be taken to stop it until it changes again. One way that CP has an edge is it can automatically check for updates from the owner when he figures out what they have changed.
One thing you can do if it's worth it to you is
1) backup
2) use a computer that only has 1 HDD with just the OS on it and transfer anything you've collected that day off that drive without connecting to your network. That way you may lose that OS but that's better than every HDD in your network. Don't think they can't tell when you connect to a network before executing their program.
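As an added example (not code from the article, from CryptoPrevent, or from any commenter), here is one way to set the local policy rules the comment above describes: it writes Software Restriction Policy (SRP) path rules for AppData\Local into the machine's policy registry keys and extends the list of file types SRP checks. The function names, the two path patterns and the extra extensions are this example's own choices; it assumes an elevated PowerShell on a Windows client and that the Windows default ExecutableTypes list shown is current for your build.

```powershell
# Added example, not code from the article or from any commenter. It does "manually
# what CP does" for the folder named above by writing Software Restriction Policy
# (SRP) path rules into the local policy registry keys. Run elevated; a blanket
# rule on AppData\Local also blocks per-user installers that legitimately live there.

$SaferRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # SRP security level "Unrestricted"
# Extensions SRP treats as executable when no ExecutableTypes value is set (Windows default list).
$DefaultTypes = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS',
                'ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC'

function Enable-SrpBaseline {
    # Turn SRP on with Unrestricted as the default level, so only explicit rules block.
    if (-not (Test-Path $SaferRoot)) { New-Item -Path $SaferRoot -Force | Out-Null }
    Set-ItemProperty -Path $SaferRoot -Name 'DefaultLevel'       -Value $Unrestricted -Type DWord
    Set-ItemProperty -Path $SaferRoot -Name 'TransparentEnabled' -Value 1 -Type DWord  # all software files except DLLs
    Set-ItemProperty -Path $SaferRoot -Name 'PolicyScope'        -Value 0 -Type DWord  # all users, administrators included
}

function New-SrpPathRule {
    param([string]$Path, [string]$Description, [int]$Level = $Disallowed)
    # Each rule is a GUID-named subkey under <level>\Paths; ItemData carries the path pattern.
    $key = Join-Path $SaferRoot "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'ItemData'     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name 'SaferFlags'   -Value 0            -Type DWord
    Set-ItemProperty -Path $key -Name 'Description'  -Value $Description -Type String
    Set-ItemProperty -Path $key -Name 'LastModified' -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
    return $key
}

function Add-SrpExecutableType {
    param([string[]]$Extensions)
    # SRP only checks extensions listed in ExecutableTypes; the comment above notes attackers
    # moved to "uncommon file types", so extend the list rather than replacing it.
    $current = @((Get-ItemProperty -Path $SaferRoot -Name 'ExecutableTypes' -ErrorAction SilentlyContinue).ExecutableTypes | Where-Object { $_ })
    if ($current.Count -eq 0) { $current = $DefaultTypes }
    $merged = @(($current + $Extensions) | ForEach-Object { $_.ToUpper() } | Sort-Object -Unique)
    Set-ItemProperty -Path $SaferRoot -Name 'ExecutableTypes' -Value $merged -Type MultiString
    return $merged
}

Enable-SrpBaseline
New-SrpPathRule -Path '%LOCALAPPDATA%\*.exe'   -Description 'Block executables dropped directly in AppData\Local' | Out-Null
New-SrpPathRule -Path '%LOCALAPPDATA%\*\*.exe' -Description 'Block executables one folder below AppData\Local'   | Out-Null
Add-SrpExecutableType -Extensions 'JS','JSE','VBS','WSF' | Out-Null
# Review what is now in place; log off or reboot to be sure new processes see the policy.
Get-ChildItem (Join-Path $SaferRoot "$Disallowed\Paths") | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

Legitimate software that runs from AppData\Local (per-user installers, some updaters) will be blocked by these rules, so add Unrestricted path rules under the 262144 level for each exception you find in the event log before rolling this out more widely.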

scotindin

Personally, I think it does set a bad example. My grandson ended up with ransomware on his RCA tablet, and even though I'm in a different state and we did everything by phone, I was able to get it up and running. That's the short version. I received the call from my daughter asking if they should pay this money to the FBI, to which I replied that if it really was the FBI, they would be there with warrants and arrest some people. I told her it's ransomware, and asked if he had a manual for it. Thanks to Google search, I found one, for free. So between her, myself and an older grandson, we were able to reset it to factory state. That took care of the problem. I'm not saying that it would work for everyone, but sometimes you keep it simple, and sometimes you think outside the box and find ways to do things. Like doing backups! I would think that police departments would have an IT person who they could call, or at least someone who they knew that could take care of the problem. So, maybe not. We don't all do backups like we should, or as often as we should. Guilty here as well.
All in all, I think there are other ways to deal with criminals than to give them what they want when it comes to ransomware. I'm not downing the practices of the various police departments out there, attacked or not, but I am saying that they need to find some people who know what they're doing and call them in when needed. Also, first and foremost, set up backups! Then do it!

spacesallowed

What your grandson had was not CryptoLocker. It doesn't pretend to be the FBI. As the article states, a backup plan failed to take place, and when Crypto infected their system all documents that contain info were encrypted, unlike the typical ransomware that threatens to tell the FBI (or claims to be the FBI) that you have child porn or some other illegal content on your computer. Unlike the PD, your grandson did not have information that he could not live without, or you wouldn't have reset/wiped out that partition. You seem quick to judge when obviously you failed to read and/or comprehend the entire article.