More like this

Data Center

Arrow

Servers

Welcome to the FUTURE: Maine cops pay Bitcoin ransom to end office hostage drama

Don't run bad stuff from the internet, people

Ransom note saying "Pay Up" in blackmail type
Credit: Jared C. Benedict

Blundering cops in Maine, US, have enriched malware masterminds by paying up to decrypt files held hostage by ransomware.

Four city police departments and a sheriff's office in Lincoln County share a common computer network run by Burgess Computer, which hosts the plods' administrative files.

Then one day the entire system was encrypted by the Megacode ransomware, which scrambles documents and demands Bitcoins to decrypt them.

This sort of malware typically scans computers and networks for documents, generates a random encryption key per file, uses those to encrypt the data, and then encrypts the keys using a public-private key pair. Only the crims have the private key needed to unscramble the documents, and it costs money to obtain that, effectively holding the information to ransom. Victims have a few days to pay up before the private key is deleted forever.

After trying to restore the encrypted files for a couple of days, the police in Maine decided to pay the $300 ransom in Bitcoins.

"Paying a ransom - let's say it goes against the grain," Sheriff Todd Brackett told the Boothbay Register. "We tried to find a way around it, but in the end our IT guys and Burgess recommended just paying the ransom."

The infection kicked off when someone on the police network ran an executable downloaded from the web via a link in an email, it's believed. This installed the malware, which spread to the main server and began encrypting all the data it could find.

"We'll have more virus protection training where we go over how to tell if something might be a virus," Brackett said. "Sometimes, it's hard to tell, but you've got to keep an eye out for some of these documents that people [email] you. Sometimes it can be hard to tell if it contains a virus."

The normal way of dealing with ransomware is a complete disk wipe followed by a reloading of offline backup files, but in this case the backup system hadn't worked properly, so the cops had no choice but to pony up the digital cash.

"No personal data was mined - it looks like they didn't take any information," Brackett said. "We had to pay the ransom, but it looks like nothing was extracted from the server."

While the infection has caused red faces, Maine's police are not alone in getting caught out by ransomware. Cops in Massachusetts were forced to pay up in a similar situation last week, and it's not the first time they have been stung.

The problem with ransomware is getting much worse these days, as malware writers have cottoned on to the fact that it's easier to get paid a ransom rather than have to go through all the tricky business of stealing identities from stolen information, or risk selling that information on forums.

The FBI is now offering millions in reward money to catch the crooks behind some ransomware. In the meantime, never, ever execute an attachment or download from an untrusted source. ®

Sponsored: Global DDoS threat landscape report