An Illinois suburban police department recently paid a $500 ransom to an unknown hacker to decrypt and regain access to data from a police computer the hacker managed to infect and hold for ransom.
The Midlothian department was hit with a computer virus known as Cryptoware, back in January, Calvin Harden Jr., an IT vendor who works within the village told ChicagoTribune.
Cryptoware is a piece of malware that infects a victims computer, automatically encrypting the machines data to render it inaccessible while demanding a fee, essentially holding it for hostage. Hackers fee’s can range from $100 all the way to the hundreds of thousands. A main issue with the malware is if you pay the ransom, it is unknown if you will receive the code to decrypt data and gain access to the machine again.
The hacker gained access to the machine via a remote infection, requesting authorities pay the hacker $500 worth the anonymous cryptocurrency, bitcoin.
“It didn’t encrypt everything in the police department. It was just that computer and specific files,” Harden assured.
Hackers did not access information within the computer, but merely infected it rendering the machine inoperable.
Just last year the Federal Trade Commission and FBI issued public warnings to consumers and businesses about the virus making its rounds, saying it’s “essentially extortion.” Midlothian authorities cited they are not the first government agency to fall victim to the cyberattack.
Elwood’s top cop and president of the Illinois Association of Chiefs and Police, Fred Hayes, said the attack is becoming more common and federal authorities need to be in touch about it. He later advised all departments back up their data securely.
“This is something that quite a few people recently, and when I say recently (I mean) over the last year or two, have been experiencing,” Hayes said.
Midlothian Police Department pinpointed the hack back to an officer opening an email containing the virus, essentially giving the hackers the keys to turn off the machine. A message then later popped up demanding the department pay the ransom in exchange for a virtual decryption code that will then allow them to access the machine.
Midlothian police chief confirmed the department had suffered an attack, but declined to comment on the incident.
Midlothian mayor, Neither Kaufman, and the village clerk chose not to respond when asked whether the hacker would be pursed or not, but Harden said he believes officials will do so. FBI spokeswoman declined to confirm whether the village made an FBI aware incident. An FBI aware incident is when companies contact the FBI to notify federal officials the company has suffered an attack, possibly allowing hackers access to sensitive information.
Recently president Obama proposed a national data breach disclosure standard, forcing hacked companies to notify the public of the breach within 30 days of the company’s knowledge.
Authorities released a copy of the town’s invoice to hackers, reading “for MPD virus” next to the total of $606, to order a bitcoin cafe located in New York to transfer the money to the hackers wallet. The payment included bank fees and surchargers, adding an additional $106 in fees to the hackers original demand.
Officials tried to bargain and wire the money through Bank of America, but Harden said the department couldn’t.
Harden said the village had a hard time making a decision on whether or not to comply with the hackers demand, but chose pursuing the hacker might be more trouble than it’s worth.
“Because the backups were also infected, the option was to pay the hacker and get the files unencrypted,” Harden told reporters, “which is what we decided to do.”
Harden said he believed the hacker’s actions were criminal, which is why he believes the hacker requested to be paid in bitcoin, in what he described as a “pretty much untraceable” payment method.
This is not the first time a police department has been hit with the malware, last year Tennessee’s sheriff’s office paid a hacker known as Nimrod Gruber, $572 to regain access to their machine. Detroit, who previously had their entire city’s database encrypted due to ransomware, refused to pay the ransom demanding over $800,000.
“Chiefs across the entire nation are concerned with the growing trend of computer crime,” Mike Alsup, co-chair of the Communications and Technology Committee for the Illinois Association of Chiefs of Police told reporters. “Hardly a day goes by that we don’t see in both the print and audio media, we hear of instances of computer crime, computer hacking, large organized criminal groups internationally that are stealing through the use of computers.”
Harden said while working for a law firm last year, the company experienced a similar virus, adding it was “happening to people every day.”
The main issue with cops paying the ransom is it shows crime pays, displaying that the police paid the ransom instead of investigating the incident. Authorities should be the first stop to show crime does not pay, nor will it in the future.
Another issue is the Midlothian department gambled their database on the $500 asking fee. The main issue with ransomware is not knowing if you are going to get the decrypt code after paying. Some versions of the malware give victims the code, while others do not.
Midlothian police department made a risky choice paying the ransom, if it was the right choice might show over time.