Local weekly newspaper the Town Crier reports that Tewksbury, Massachusetts police have paid a $500 ransom after a version of the CryptoLocker ransomware encrypted essential files and rendered their network unusable. The initial infection was determined to have happened on December 7th when it entered the police department's network through the computer of the Officer in Charge. The malware's presence was not discovered until the next day.
The police department refers to the event as an act of cyber terrorism and, in an effort to avoid paying the ransom, involved the Massachusetts State Police, the Federal Bureau of Investigation, the United States Department of Homeland Security Cyber Emergency Response Team, and an unspecified number of private firms. The server containing the essential files, to which the infection had spread from the Officer in Charge's computer, was taken to a Homeland Security Fusion Center¹ in Maynard, which covers the Commonwealth of Massachusetts.
There is no total figure available for the full cost inflicted by the multi-agency investigation, though $19,604 was paid to Delphi Technology Solutions, the firm which handled the ransom payment for Tewksbury. Tewksbury has also entered into an ongoing contract with Delphi to harden their network against attack for 6.5 hours weekly through the 2015 fiscal year, which will diminish to 4 hours weekly in fiscal year 2016. No hourly rate was given for retaining Delphi on an ongoing basis. A further $6,878 was spent on a new firewall and domain server.
Police in the United States paying ransomware demands is a continuing and disturbing problem. Other government entities in the United States and abroad have been hit by ransomware. The City of Detroit, when it faced ransomware, chose not to pay. For some reason, though, "Law Enforcement" agencies in the United States would rather transfer money and wealth to criminals than own the operational failings that create their predicaments.
It is nothing less than rank hypocrisy that on one hand Tewksbury police would categorize this ransomware incident as a form of Terrorism while on the other funding further Terrorism by paying the ransom. Paying a ransom to recover files accomplishes little in the long run beyond keeping ransomware authors from starving. The last seriously reported conversion rate on ransomware infections was 1.44%, and at $500 per ransom paid, spreading ransomware appears more profitable than previous sales or marketing efforts on the Internet. Police in the United States appear to be one of the largest contributors to that profitability.
In the case of Tewksbury Police, they had been conducting backups, but for some reason the most recent useful backup was 18 months old. They further claimed that paper records could not recreate all of the data that they had lost. Rather than accepting that their own operational lapses and failings would leave a gap in their records, the Tewksbury police consciously and actively made the decision to fund a person or persons engaged in an activity they described as a type of Terrorism, in the name of their own convenience.
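The gap between "we run backups" and "we can restore from them" is the operational failure at the heart of this incident. The following is an added illustration, not code from the article or from Tewksbury's environment: a small Python check that separates the most recent backup attempt from the most recent restore-verified backup, run over constructed sample records that mirror the 18-month gap described above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records (not Tewksbury's actual backup history).
# Each record says when the job ran and whether a trial restore succeeded.
@dataclass(frozen=True)
class BackupRecord:
    taken: datetime
    restore_verified: bool   # True only if a test restore actually succeeded
    note: str = ""

SAMPLE_BACKUPS = [
    BackupRecord(datetime(2013, 6, 1), True, "last full backup that restored cleanly"),
    BackupRecord(datetime(2014, 3, 1), False, "job completed, restore test failed"),
    BackupRecord(datetime(2014, 9, 1), False, "job completed, never restore-tested"),
    BackupRecord(datetime(2014, 12, 6), False, "job completed, media unreadable"),
]

def latest_attempt(backups):
    """Most recent backup job that ran at all, or None."""
    return max(backups, key=lambda b: b.taken) if backups else None

def latest_usable(backups):
    """Most recent backup that passed a restore test, or None."""
    usable = [b for b in backups if b.restore_verified]
    return max(usable, key=lambda b: b.taken) if usable else None

def assess(backups, now, rpo):
    """Compare the last backup *attempt* with the last *restorable* backup.

    'rpo_met' is True only when a restore-verified copy is newer than
    now - rpo. A recent attempt paired with an old usable copy is the
    failure mode in this article: the job kept running, the data was lost.
    """
    attempt, usable = latest_attempt(backups), latest_usable(backups)
    attempt_age = now - attempt.taken if attempt else None
    usable_age = now - usable.taken if usable else None
    return {
        "attempt_age": attempt_age,
        "usable_age": usable_age,
        "rpo_met": usable_age is not None and usable_age <= rpo,
    }

def sample_report():
    """Run the check as of 8 December 2014 (the day the infection was
    discovered) with a constructed one-week recovery point objective."""
    return assess(SAMPLE_BACKUPS, datetime(2014, 12, 8), timedelta(days=7))
```

A monitoring job that only alerts on "last backup older than N days" would stay green against these records; alerting on the usable age is what surfaces the problem.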
¹ Previously a Homeland Security Fusion Center in Illinois had concluded a municipal water pump was hacked by a Nation State Actor; later, mundane mechanical investigation would reveal that in reality the pump had burned out, as pumps tend to do.
Some good soul should be one of those who do not keep their promises: that is, the person transfers the bitcoins and the files are not released. Only in this way will the idiots stop funding criminals and invest in real security.