Ransom paid in exchange for the decryption key

Apr 7, 2015 13:30 GMT  ·  By

Ransomware with encryption capabilities strikes indiscriminately, and police departments are far from exempt, as the town of Tewksbury learned in December 2014, when its police department had to pay the attackers' fee in exchange for the data decryption key.

Giving in to such demands is strongly discouraged, because every payment funds and encourages further ransomware campaigns; and the way to avoid losing data to crypto-malware is as simple as it gets: regular backups, kept somewhere the malware cannot reach.

However, it seems that Tewksbury Police had let its backup process lapse, so when the ransomware reached its systems it wreaked havoc, leaving the affected machines unusable.

Multiple crypto-malware families, all relying on strong encryption

The fee demanded by the cybercriminals was $500 / €460, paid in bitcoins, and they got it. With command and control (C&C) servers hidden on the Tor network and payment demanded in a digital currency whose transactions are hard to link to a real-world identity, the crooks ensured themselves a safe profit.

It appears that one of the officers fell for phishing, one of the most common tricks in the cyber-scam book, and opened a malicious email attachment that unleashed the crypto-malware on the computer.

Once installed, the malware ran its encryption routines, and the damage did not stop at the officer's computer: the largest data server used by the police department was encrypted as well.

The threat is said to be a variant of CryptoLocker, although it could be any of the other families detected over the past year, from CryptoWall to TorrentLocker and TeslaCrypt. They all rely on the same basic scheme: file contents are encrypted with a symmetric cipher such as AES, and the symmetric key is in turn protected with an RSA public key. The matching private key never leaves the attacker and is never placed on the victim's machine, so a correctly implemented scheme leaves the victim no way to recover the files without it. (Implementations vary, and flawed ones have been broken by researchers, but that is luck, not a recovery plan.)
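To make the point concrete, here is an added example of the hybrid scheme described above. It is not code from the article or from any of the named malware families; it uses AES-256-GCM for the file body and RSA-OAEP to wrap the per-file key, which are assumed stand-ins for whatever each family actually uses, and the sample record is constructed. The point it shows is that locking a file needs only the public key, while unlocking it needs the one private key the attacker holds; a different private key, even one generated by the same code, gets nothing back.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// LockedFile is all that remains of a document after the malware has run:
// the body under a per-file AES-256-GCM key, and that key wrapped with the
// attacker's RSA public key. Neither part reveals the per-file key.
type LockedFile struct {
	WrappedKey []byte // per-file AES key, encrypted with RSA-OAEP
	Nonce      []byte
	Ciphertext []byte
}

// GenerateAttackerKeys stands in for the attacker's C&C server, which creates
// the key pair and keeps the private half (assumed key size: 2048 bits).
func GenerateAttackerKeys() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newGCM builds an AES-GCM AEAD from a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// LockFile is the encryption step. It needs only the public key, which is
// why the malware can run on a machine the attacker never touches.
func LockFile(pub *rsa.PublicKey, plaintext []byte) (*LockedFile, error) {
	fileKey := make([]byte, 32) // fresh AES-256 key for this file
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Wrap the per-file key under RSA-OAEP; only the matching private key undoes this.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &LockedFile{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// UnlockFile is the step the victim pays for: the private key unwraps the
// per-file key, which then authenticates and decrypts the body. With any
// other private key, OAEP unwrapping fails and no plaintext is produced.
func UnlockFile(priv *rsa.PrivateKey, lf *LockedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, lf.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key: %w", err)
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, lf.Nonce, lf.Ciphertext, nil)
}

func main() {
	attacker, err := GenerateAttackerKeys()
	if err != nil {
		panic(err)
	}
	someoneElse, err := GenerateAttackerKeys() // a key pair the attacker never had
	if err != nil {
		panic(err)
	}
	record := []byte("arrest log 2014-12-08: constructed sample record")
	lf, err := LockFile(&attacker.PublicKey, record)
	if err != nil {
		panic(err)
	}
	if _, err := UnlockFile(someoneElse, lf); err != nil {
		fmt.Println("wrong private key:", err)
	}
	pt, err := UnlockFile(attacker, lf)
	if err != nil {
		panic(err)
	}
	fmt.Printf("attacker's private key: %q\n", pt)
}
```

Run it and the first attempt fails at the OAEP step while the second prints the record back. The victim's disk holds only the ciphertext, the nonce and the wrapped key; none of those helps without the attacker's private key, which is exactly why an isolated, current backup is the only recovery path that does not run through the attacker.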

Up-to-date backup would have saved the day

The infection locked all the essential data the police needed for their daily work: records of all sorts, arrest logs, calls for service and motor vehicle matters.

The police department could have avoided the jam had it kept its backup plan up and running. Instead, it neglected to create fresh copies and store them in a location isolated from the regular network; the most recent files that could be recovered were 18 months old at the time of the incident.

Police Chief Timothy Sheehan told the Town Crier publication that “nothing was lost,” referring to the data stored on the police computers. However, it once again took the cybercriminals themselves to teach a law enforcement agency a lesson the security community has preached since crypto-malware first emerged.