Backup system failed, police may start work from scratch

Jun 24, 2014 07:15 GMT

The computer systems of the police department in Collinsville, Alabama, U.S., have been affected by a ransomware Trojan that keeps all the files captive until a sum of money is paid.

The attack was conducted via phishing: an employee opened an email attachment carrying the payload. The malware spread to a total of seven computers and locked important files, such as criminal mug shots or videos from crime scenes, until the ransom demand is paid.

Chief Gary Bowen says that the ransom will not be paid, even if the backup system that should allow retrieving most of the encrypted data does not function properly and the department may have to start working from scratch.

The department has contacted the FBI's cyber unit to investigate and, according to Assistant Chief Rex Leath, authorities may already have a suspect in custody. “I think the FBI has arrested a guy from Russia who was tied in with these people at one time. This is very inconvenient, and being hacked can come in the form of an email an attachment and you click on it and they're there,” he said.

Dr. Diana Dolliver, assistant professor in the Criminal Justice Department at the University of Alabama, told The Gadsden Times that police departments have become a frequent target for this type of attack.

Unless awareness of phishing scams is raised and staff are taught to spot fake emails, police departments remain susceptible to ransomware, as well as other forms of malware, because emails headed for their systems can impersonate messages from other departments, such as an update for a file.

“I think the most important thing is training people not to open a link unless they are absolutely certain it is legitimate,” said Dolliver.

There is no information on the Trojan that infected the computer systems, but it immediately proceeded to encrypt the data.

In a similar case, Cryptowall encrypted the data on the computers of the police department in Durham, New Hampshire. No ransom was paid to get the decryption key from the cybercriminals because a backup system was in place and allowed the affected files to be retrieved.

However, breaching the database of a law enforcement entity has serious consequences because such entities work with information about criminals. Once unauthorized access is suspected, the details are considered compromised and can no longer be used in court, for fear that they have been tampered with.

Of course, forensic analysis can determine if modifications have occurred, especially if backup files are available.