- Woman says Lyft driver tried to kidnap her 6 Years Ago
- Debunking the right-wing conspiracy theories from today’s impeachment hearing Today 4:29 PM
- Maroon 5 approves of the latest TikTok trend Today 3:54 PM
- ‘One month left in the decade’ meme wants to know what you’ve accomplished Today 3:53 PM
- Facebook Pay is the latest way to send your friends money Today 3:31 PM
- Diving into ‘The Mandalorian’s first big shocker Today 3:17 PM
- Disney+ will allow password sharing—to an extent Today 1:12 PM
- Black server says manager refused to discipline coworkers who sent racist receipt Today 12:47 PM
- Who is Jonah Hauer-King, Disney’s new Prince Eric? Today 12:47 PM
- Cut Katherine Langford ‘Avengers: Endgame’ scene lands on Disney+ Today 12:22 PM
- Planned Parenthood app to show abortion-seeking users their nearest options Today 12:21 PM
- ‘The Imagineering Story’ offers touching insight into Walt Disney’s vision Today 11:57 AM
- YouTube mom who was charged with child abuse dead at 48 Today 11:39 AM
- Every Marvel Cinematic Universe movie and show missing from Disney+ (and when they’ll show up) Today 11:35 AM
- HBO Max is planning a ‘Friends’ reunion special Today 11:10 AM
Facing virus, these police did exactly what you’re not supposed to do
According to one security researcher, “police departments tend to be among the worst at cyber security.”
Law enforcement authorities typically advise against paying ransoms to criminals. That is, unless the targets of the extortion plot are the police themselves.
The local police department in Swansea, Mass., reportedly paid two Bitcoins (approximately $750 at the time of the transaction) to hackers after having its computer system compromised by the CryptoLocker virus.
‟It was an education for those of us who had to deal with it,” Swansea Police Lt. Gregory Ryan told the Fall River Herald News.
Ryan said, despite the security breach, no personal information of citizens was directly accessed or viewed by anyone outside the department. “The virus is not here anymore,” Ryan added. “We’ve upgraded our antivirus software. We’re going to try to tighten the belt, and have experts come in, but as all computer experts say, there is no foolproof way to lock your system down.”
After infecting a computer system, typically through a user downloading an attachment containing the malware program, CryptoLocker encrypts the host’s files and then demands payment within a limited time frame, usually 72 hours, or else the key to restore the files to their original state will be shredded forever.
Payment for CryptoLocker is typically accepted in the form of the digital currency Bitcoin. Being paid in bitcoins, which doesn’t require an intermediate financial institution in the parties’ transaction, allows the hackers to accept payment while remaining anonymous.
In a statement in eSecurityPlanet, Tripwire security researcher Ken Westin slammed Swansea police for setting a bad example. ‟Essentially the police in Swansea, Massachusetts have negotiated with terrorists,” charged Westin. ‟I’ve done a lot of work with law enforcement agency security and, unfortunately, police departments tend to be among the worst at cyber security. Law enforcement is one of the most insecure areas of local governments because there is a lack of training in new technology and it is difficult to get them to adopt new processes.”
Anti-malware firm Bitdefender told Networkworld that CryptoLocker claimed some 10,000 victims between Oct. 27 and Nov. 1 alone. The majority of the infected computers have been in English-speaking countries like the United States, the United Kingdom, and Australia.
Cybersecurity experts at places like Naked Security and the U.K.’s National Crime Agency have advised against paying the yet to be identified hackers behind the CryptoLocker virus. The fear is that each successful instance of data extortion will only embolden the criminals to continue their campaign against the world’s computer systems. Of course, this stoic stance is easier said than done when the files in question aren’t backed up in a separate location and shelling out for an external IT firm to restore them would likely end up being far more expensive than simply paying the ransom.
As CryptoLocker infects more and more computer systems, the hackers behind it have become increasingly business-savvy. They’ve now added a late payment option for victims who don’t pay up within the initially allotted time frame. There is one catch: the price skyrockets from two bitcoins up to 10. Considering how Bitcoin has wildly shot up in value recently, jumping from about $200 to over $600 in just 30 days, late payment is an extremely expensive proposition.
Photo by Don Hankins/Flickr
Aaron Sankin is a former Senior Staff Writer at the Daily Dot who covered the intersection of politics, technology, online privacy, Twitter bots, and the role of dank memes in popular culture. He lives in Seattle, Washington. He joined the Center for Investigative Reporting in 2016.