Homeland Security Watch

News and analysis of critical issues in homeland security

April 13, 2015

“Security experts generally say to always have a backup and to never pay the ransom.” However….

Filed under: Cybersecurity — by Christopher Bellavita on April 13, 2015

From Networked World:

Megacode ransom paid to decrypt server shared by 5 law enforcement departments in Maine

After a law enforcement server shared by three city (town) police departments and a sheriff’s office was infected with ransomware and the cops in Maine chose to pay a bitcoin ransom to decrypt the files, what moral of the ransomware story did the sheriff learn? Lincoln County Sheriff Todd Brackett told the Boothbay Register, “Next time, we’ll just pay the ransom on the first day and be done with it. It’s like a jail — it’s very safe and secure, but that can mean nothing if you leave the door unlocked.”….

Sheriff Brackett said he was “initially reluctant to pay the ransom” as it “goes against the grain,” but he authorized the payment [of around $300] “on the advice of specialists who were familiar with the ransomware and worked with other users it infected.”….

Looking for a bright side, Sheriff Brackett said the affected law enforcement departments are now “aware of such scams” and “how to deal with them.” More training is on the horizon, he said. “We’ll have more virus protection training where we go over how to tell if something might be a virus. Sometimes, it’s hard to tell, but you’ve got to keep an eye out for some of these documents that people (email) you. Sometimes it can be hard to tell if it contains a virus.”

Tracking down the cyberthugs behind megacode is allegedly a low priority for the FBI, which would neither confirm nor deny if it was investigating the ransomware dubbed a “common virus” by the sheriff who told WCSH6 that the FBI traced the bitcoin ransom payment to a deposit in a Swiss bank account before the “trail went cold.”


3 Comments »

Comment by William R. Cumming

April 14, 2015 @ 9:04 am

WOW! And federal input on the event and decision to pay?

Comment by Wayne

April 14, 2015 @ 10:12 am

The incident was reported to the FBI, Sheriff Brackett said. However, it is not a high priority for them because of the small amount of money involved and the sheer volume of cybercrimes.

“It’s a common virus that the FBI is aware of,” Brackett said. “They are looking into it, but it is not a high priority case for them. It speaks to the cleverness of these folks. They keep the amount of money they request small enough so they don’t draw a lot of attention.”

Interesting side note, there was a second geographically separate police department that also got caught. From the Bangor Daily Snooze today:

Houlton Police Chief Joe McKenna confirmed Monday afternoon that his department was one of a handful in the state to be affected by a virus commonly referred to as “ransomware.”

In Houlton’s case, the ransom wound up being about $588. It was paid in bitcoins, a form of online currency that is difficult to trace. However, when factoring in the costs of tech support to research the problem, McKenna said the actual out-of-pocket cost to the town was about $1,400.

McKenna said the cyberattack was his fault as he inadvertently opened an email that contained the virus attachment while going through his inbox.

“I have been getting quotes on different pieces of equipment that we are replacing,” McKenna said. “Amongst all those emails was an email with a lady’s name, stating ‘your quote is attached.’ I didn’t think anything about it, so I opened it up.”

McKenna said the attachment was an empty document, so he closed it, figuring the individual must have made a mistake when emailing, and shut off his computer.

Not surprising, the email account was traced to Europe, the funds went into a Swiss Bank Account and “disappeared” after that.

Comment by Wayne

April 15, 2015 @ 1:23 pm

Apparently this is becoming a broader issue…
Source: The Eagle-Tribune, North Andover, Mass.

April 15–SALISBURY MASS. — The Salisbury Fire Department was recently struck by a computer virus that wiped out documents and forced the shutdown of its dispatch center for a time.

The department suspects it might be the same virus that struck the Tewksbury Police Department in December, which encrypted all its data, then demanded a ransom to provide the key needed for decryption.

“They paid the ransom,” said Salisbury Fire Chief Rick Souliotis.

Since 2013, similar episodes have occurred in a number of law enforcement agencies nationwide. Some paid the ransoms, which range from $500 to $600, and received the code needed to get their information back in useful format, according to published reports.
