Not even law enforcement is immune to CryptoLocker, and the police force in Swansea, Mass., recently had to pay $750 in Bitcoins to recover images and documents that had been encrypted by CryptoLocker.
The Swansea Police Department said the virus did not affect the software that the police use for reports or booking, and that the CryptoLocker virus did not provide outside access to files.
“It was an education for (those who) had to deal with it,” Swansea Police Lt. Gregory Ryan told The Herald News. “(The Cryptolocker virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of.”
As IBTimes has previously reported, the CryptoLocker virus is spread through phony tracking links purporting to be from UPS or FedEx. After it installs itself, CryptoLocker scans the hard drive and encrypts pictures, documents, Adobe Photoshop projects and more. The Cryptolocker virus demands a ransom to be paid in Bitcoin before a ticking clock expires. If it is not, Cryptolocker destroys the decryption key and the user may never regain access to the files.
Security experts and the U.S. Computer Emergency Readiness Team urge people afflicted by CryptoLocker not to pay the ransom, but instead report the incident to the FBI’s Internet Crime Complaint Center. Users should regularly back up important files on external hard drives.
“The only reason this type of attack success is because people are willing to pay up,” John Hawes wrote on the Sophos blog, questioning the moral validity of a police department paying money to criminal hackers. “If no one ever paid, there would be no ransomware.”
Even if the Swansea police were hoping to retrieve files relevant to an open case, it’s likely that the files could no longer be used as evidence after a third party was able to tamper with them. There’s also the question of why the police department was not in the practice of backing up its important files.
“If we can’t rely on the people enforcing our laws to stand up to criminals, then we’re in trouble,” Hawes said.