I always thought the US didn’t negotiate with terrorists, not even cyber-terrorists. Guess I was wrong.
Cryptoware Attack Nets Over 2 Bitcoins
cryptowareSouth of Chicago, Illinois, the small Midlothian police department was subject to a criminal Cryptoware attack by an unknown hacker. The perpetrator disabled a police computer, rendering it inaccessible through his encryption program labeled Cryptoware. As far as police know, the computer’s information was not taken, and the computer was just disabled to net a ransom of $606, or about 2.4 BTC, at today’s rates.
“It didn’t encrypt everything in the police department. It was just that computer and specific files, not the entire system,” said Calvin Harden Jr., an information technology vendor who works with the small village, and worked with the police on overcoming this threat. “Because the backups were also infected, the option was to pay the hacker and get the files unencrypted,” Harden said, “which is what we decided to do.”
Cryptoware seems to have become a popular form of digital crimeware, with Detroit and precinct’s in Tennessee also being subject to its infection within the last year. According to Fred Hayes, president of the Illinois Association of Chiefs of Police, this kind of attack is becoming more common. His advice to departments is to back up their data.
“This is something that quite a few people recently, and when I say recently (I mean) over the last year or two, have been experiencing,” Hayes said.
The virus was spread by an email sent to the machine, which activated the virus upon opening. The message about the over $600 Bitcoin ransom became emblazoned upon the screen after that, stating a code would be sent to release control of the machine after payment was made. The Chicago Tribune made a Freedom of Information request, and the Midlothian Village released an invoice stating they paid over $600 “for MPD (Midlothian Police Department) virus.” It also revealed that they sent the payment to a Bitcoin cafe in New York. The option of not complying with the demands was discussed, but the department decided to make the payment. This was given the fact that chasing an out of town criminal might be more trouble than a mere $600 ransom.
“Chiefs across the entire nation are concerned with the growing trend of computer crime,” Mike Alsup, co-chair of the Communications and Technology Committee for the Illinois Association of Chiefs of Police said. “Hardly a day goes by that we don’t see in both the print and audio media, we hear of instances of computer crime, computer hacking, large organized criminal groups internationally that are stealing through the use of computers.”
On the surface, extorting less than 3 BTC from a law enforcement office would seem foolish, given the risk potential. It seems the amount was so small that it worked in this instance. Maybe the hacker was trying to stay within a petty larceny threshold. Maybe this was a test for an upcoming larger scale attack. As law enforcement starts to practice dealing with these cyber-threats, what will be the next shoe to drop? Are these just small-time conmen, or is this a growing national criminal phenomenon that is ready to make a major score in the near future? We’ll keep you posted.
At least it gets the Cops into adopting BTC, they’ve got to get their coins from somewhere to pay the ransom, right?