Stories regarding Bitcoin-related ransomware keep making headlines all across the globe these days. Mainstream media like to criticise Bitcoin for its alleged affiliation with computer hacking, illegal products, and pyramid schemes, all the while fiat currency is being used for those exact purposes for decennia. Now that national police forces are being confronted with the Cryptolocker ransomware, it is time to put things a bit more into perspective.
Tewksbury Police Department
When it comes to accessing critical data for the Tewksbury Police Department, such as arrest and incident records, this has become a bit of a trivial task as of late. The computer system in use by most police forces is outdated and vulnerable to attack – and that is putting it mildly – as there is hardly any investment in upgrading existing hardware, software or security.
However, when the problem persisted for a lengthy period, the Tewksbury Police Department decided to call in a technician to get this problem sorted as soon as possible. After some research by this technician, the issue for the ongoing problem became adamantly clear; Tewksbury Police Department computers had been infected with ransomware.
Even though the Tewksbury Police Department is not the first police force to encounter this ransomware infection, it is becoming an increasingly difficult problem to tackle. It is pertinent that law enforcement and police forces have access to their critical data at all times, which makes them a perfect target for ransomware developers in order to make some quick – and untraceable – money on the side.
“My initial thoughts were we were infected by some virus. Then we determined it was a little bit bigger than that. It was more like cyberterrorism,” Tewksbury Police Chief Timothy Sheehan told the media. As is always the case with a ransomware infection, it was spread via a malicious email or link that someone clicked on.
Ransomware infects a computer by encrypting all files that relate to a certain file extension, and in order to regain access to these files, the victim needs to pay a small sum – usually between US$300 & US$500. Granted, there are solutions to the most popular “breed” of ransomware – called CryptoLocker – but there have been many alternatives popping up all over the world, for which no free solution has been found just yet.
Not The First Law Enforcement Agency Being Targeted
Ransomware infections have been spreading like wildfire, and high-profile targets – such as police forces, national law enforcement agencies, and even universities – are more likely to pay the requested sum as they need access to vital data at any given time. This would also explain the rise in ransomware attacks – a survey showed that 41% of victims would pay up in order to regain access to their files.
Over the past year and a half, CryptoLocker – which forces you to pay in Bitcoin to decrypt your files – has targeted Police Departments in Swansea (US$750), Midlothian in Chicago (US$500), Dickson County (US$572), Durham (no bill paid due to back up of all valuable data) and Collinsville (no bill paid, but no files were recovered). This is just an indication of how ransomware spreads and, regardless of your function or computer knowledge, can infect anyone in any place at any time.
But there is some positive news to this story. An investigation shows that, even if the files remain encrypted, no data is actually stolen from the infected computer(s). In regards to the Police Departments being targeted, none of their sensitive information has been leaked online after a ransomware infection either.
In the case of the Tewksbury Police Department, the ransomware their machines were infected with explicitly demanded a Bitcoin payment to be sent through the Tor network. Bitcoin payments are semi-anonymous and can not be reversed like traditional online payment methods, making it more attractive for hackers and hoodlums.
“You get inside of a pharmaceutical company or something like that, that has all their net worth tied up in their files,” computer security analyst Brian Krebs said, “they’d be willing to pay a lot more.”
All images courtesy of ShutterStock