Hackers use Cryptoware against Police for Bitcoin ransom


#1

I always thought the US didn’t negotiate with terrorists, not even cyber-terrorists. Guess I was wrong.


Cryptoware Attack Nets Over 2 Bitcoins

South of Chicago, Illinois, the small Midlothian police department was subject to a criminal Cryptoware attack by an unknown hacker. The perpetrator disabled a police computer, rendering it inaccessible through his encryption program labeled Cryptoware. As far as police know, the computer’s information was not taken, and the computer was just disabled to net a ransom of $606, or about 2.4 BTC, at today’s rates.

“It didn’t encrypt everything in the police department. It was just that computer and specific files, not the entire system,” said Calvin Harden Jr., an information technology vendor who works with the small village, and worked with the police on overcoming this threat. “Because the backups were also infected, the option was to pay the hacker and get the files unencrypted,” Harden said, “which is what we decided to do.”

Cryptoware seems to have become a popular form of digital crimeware, with Detroit and precincts in Tennessee also being subject to its infection within the last year. According to Fred Hayes, president of the Illinois Association of Chiefs of Police, this kind of attack is becoming more common. His advice to departments is to back up their data.

“This is something that quite a few people recently, and when I say recently (I mean) over the last year or two, have been experiencing,” Hayes said.

The virus was spread by an email sent to the machine, which activated the virus upon opening. The message about the over $600 Bitcoin ransom became emblazoned upon the screen after that, stating a code would be sent to release control of the machine after payment was made. The Chicago Tribune made a Freedom of Information request, and the Midlothian Village released an invoice stating they paid over $600 “for MPD (Midlothian Police Department) virus.” It also revealed that they sent the payment to a Bitcoin cafe in New York. The option of not complying with the demands was discussed, but the department decided to make the payment. This was given the fact that chasing an out-of-town criminal might be more trouble than a mere $600 ransom.

“Chiefs across the entire nation are concerned with the growing trend of computer crime,” Mike Alsup, co-chair of the Communications and Technology Committee for the Illinois Association of Chiefs of Police said. “Hardly a day goes by that we don’t see in both the print and audio media, we hear of instances of computer crime, computer hacking, large organized criminal groups internationally that are stealing through the use of computers.”

On the surface, extorting less than 3 BTC from a law enforcement office would seem foolish, given the risk potential. It seems the amount was so small that it worked in this instance. Maybe the hacker was trying to stay within a petty larceny threshold. Maybe this was a test for an upcoming larger scale attack. As law enforcement starts to practice dealing with these cyber-threats, what will be the next shoe to drop? Are these just small-time conmen, or is this a growing national criminal phenomenon that is ready to make a major score in the near future? We’ll keep you posted.

Source: CryptoCoinsNews


At least it gets the Cops into adopting BTC, they’ve got to get their coins from somewhere to pay the ransom, right? :slight_smile:


#2

That’s most of my bitcoin customers anymore, those infected with a CryptoWall or similar virus. Someone is always calling needing to pay a ransom. Cops, home improvement stores, even a local utility company needed BTC last week. It’s crazy, most pay it and get nothing. I tell them it’s a waste, they all say it’s a last resort to save their files. A crazy world we live in! :smile:


#3

Yeah, this comes up all the time for us. I have had to bail lots of people out, paying lots of BTC ransoms for users that don’t have a good enough backup. We even had one of our customers open an email, infecting their computer, then forward the email on to a colleague because he couldn’t open it; when she couldn’t open it either, he made her pass it on to a 3rd user. Then people had no backup and infected everything on their local workstations and network shares with 3 different encryptions, so they had to pay the ransom 3 times. It all worked out in the end and I made a little BTC being the middleman ;).


#4

So you guys are basically saying that the key to “mainstream adoption” would be a cryptoware-super-hydra-worm infecting as many systems as possible so everyone has to buy bitcoins?? :slight_smile:


#5

Can we adapt that logic to burgers


#6

Dunno, did you ever email one? :slight_smile:


#7

Yeah but it was stale


#8

Every one of our customers that has paid the ransom has got 100% of their files back. There is a time limit on most of them of about 24 hours, so you need to act quickly. Luckily, in Australia I can get BTC within the hour during business hours.


#9

Someone needs to rethink their backup strategy.


#10

Anyone remember the good old days when those pesky little PowerPoint presentations sent by email would make it around the company network like wildfire, infecting every single machine? Haven’t seen any of those going around for years now.

[quote=“CaptainObvious, post:9, topic:1375, full:true”]
Someone needs to rethink their backup strategy.[/quote]

Encrypted cloud storage, preferably on two different clouds. The main problem is not just the backup strategy of companies but the careless handling and forwarding of emails and files by employees. Another problem is employees installing private or 3rd-party applications on company workstations, a big issue.

I moved the majority of my stuff to the cloud a good two years ago and always recommend a similar approach to my clients. In theory my HD could die right now and I would only lose the files currently on my desktop and some installed applications. Everything else is stored and in constant sync with Google Drive and Dropbox. I manage my projects and teams through Redbooth (formerly Teambox), my notes are on Evernote, I use Chrome as my browser with different profiles, and the important stuff is PGP encrypted :slight_smile:

So a system restore for me pretty much looks like this:

  • Install windows
  • Setup chrome
  • Sync g-drive and dropbox
  • Restore the installed applications from backup file
  • Continue working :slight_smile:

#11

None of my users have local admin rights so nearly every infection I come across is confined to the user’s profile.
All documents are remapped and synced to server-side user folders. Previous versions turned on and backed up 3x daily.
Full backup every day to local storage. Dump to tape and taken off site every Monday morning.

Coupled with a well-thought-out group policy, viruses are easy to fix here. Delete the user profile on the computer and restore the document folder to the last good version.

Verified resolved.
Closing ticket.


#12

Yep, all our affected customers now have a great backup strategy; most of them now use our offsite backup service to store important files in a secure data center, which is mounted during backup and then dismounted, so it is out of cryptoware’s reach :slight_smile:
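The backup pattern posts #11 and #12 describe (versioned copies, a remote store that is only mounted for the duration of the job and then dismounted) can be scripted. The following is an added example written for this thread, not code from any poster or from a backup product; the share path `\\backup.example.invalid\vault`, the source folders under `D:\Shares`, the log folder and the 30-day retention are all assumed placeholders. It is meant to run as a scheduled task under a dedicated backup account that is the only principal with write access to the share, so a user-session infection can neither see the mapping nor write to the store.

```powershell
# Added example (not from the thread): versioned offsite backup that maps the
# remote share only while the copy runs, then removes the mapping again.
# Assumed placeholders: the share path, the source folders, the log folder
# and the retention window. Run under a dedicated backup account.

$Share    = '\\backup.example.invalid\vault'              # assumed offsite share
$Sources  = @('D:\Shares\Users', 'D:\Shares\Projects')     # assumed source trees
$LogRoot  = 'C:\BackupLogs'                                # assumed log folder
$KeepDays = 30                                             # assumed retention
$Drive    = 'B:'

if (-not (Test-Path $LogRoot)) { New-Item -ItemType Directory -Path $LogRoot | Out-Null }
$Stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
$Log   = Join-Path $LogRoot "backup_$Stamp.log"

try {
    # 1. Map the share now, not as a permanent drive letter: nothing in a
    #    normal user session has a standing path to the backup store.
    New-SmbMapping -LocalPath $Drive -RemotePath $Share -ErrorAction Stop | Out-Null

    foreach ($Src in $Sources) {
        $Name = Split-Path $Src -Leaf
        # Every run writes into a fresh dated folder, so each run is a new
        # version and older, pre-infection copies are never overwritten.
        $Dest = "$Drive\$Name\$Stamp"
        # /E   copy subfolders incl. empty ones; /COPY:DAT data, attributes, timestamps
        # /R:2 /W:5 bounded retries; /NP no progress spam in the log
        # Deliberately no /MIR: a mirror would delete or replace good older
        # copies with freshly encrypted files from an infected source.
        robocopy $Src $Dest /E /COPY:DAT /R:2 /W:5 /NP /LOG+:$Log | Out-Null
        # robocopy exit codes 0-7 are success variants; 8 and above are failures.
        if ($LASTEXITCODE -ge 8) {
            throw "robocopy failed for $Src (exit code $LASTEXITCODE), see $Log"
        }
    }

    # 2. Prune versions older than the retention window (one dated folder per run).
    $Cutoff = (Get-Date).AddDays(-$KeepDays)
    Get-ChildItem "$Drive\" -Directory | ForEach-Object {
        Get-ChildItem $_.FullName -Directory |
            Where-Object { $_.CreationTime -lt $Cutoff } |
            Remove-Item -Recurse -Force
    }
}
finally {
    # 3. Always unmap, even when the copy failed, so the store is not left reachable.
    if (Get-SmbMapping -LocalPath $Drive -ErrorAction SilentlyContinue) {
        Remove-SmbMapping -LocalPath $Drive -Force
    }
}
```

Register it with `Register-ScheduledTask` under the backup account rather than an interactive user, and check the log and the dated folder after the first run; the retention prune deletes by folder creation time, so a store that is restored from a snapshot should be verified before the prune is allowed to run against it.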


#13

I’m glad that GH has @AnimoEsto, he got our grid covered :laughing:


#14

Easiest way is to disable EXEs from running in any of the c:\users area

We haven’t had any issues with it at all… and we won’t :wink:
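The control post #14 describes, blocking executables from launching anywhere under the user profile tree, maps onto an AppLocker path rule. Below is an added example written for this thread, not the poster’s own configuration: the rule names and the generated rule GUIDs are placeholders, the policy starts in audit mode so existing software under profiles shows up in the event log before anything is blocked, and it is applied to the local machine (the same XML can be imported into a GPO instead).

```powershell
# Added example (not from the thread): AppLocker policy that denies EXE
# launches from under the user profile tree, applied locally in audit mode.
# Placeholders: rule names and the GUIDs generated below. Run elevated.

$PolicyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description=""
                  UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description=""
                  UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Local Administrators unrestricted" Description=""
                  UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny EXE under user profiles" Description=""
                  UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$PolicyPath = Join-Path $env:TEMP 'deny-user-profile-exe.xml'
$PolicyXml | Set-Content -Path $PolicyPath -Encoding UTF8

# AppLocker only evaluates rules while the Application Identity service runs.
# sc.exe is used because Set-Service cannot change this protected service's start type.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Merge into the local policy (keeps any other rule collections already present).
Set-AppLockerPolicy -XmlPolicy $PolicyPath -Merge

# Dry run before enforcing: list existing binaries under the current profile
# that the policy would deny, so exceptions can be added for legitimate tools.
Get-ChildItem -Path $env:USERPROFILE -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -User Everyone -Filter Denied |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

While in AuditOnly, denied launches appear as event ID 8003 in the AppLocker “EXE and DLL” log (8004 once enforcement is on); after a few days without unexpected 8003 entries, change `EnforcementMode` to `Enabled` and re-apply. Deny rules win over allow rules in AppLocker, so the administrators exception only matters for accounts that actually hold local admin rights, which ties in with post #11: keep those rights off daily-use accounts.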


#15

Yeah cause we don’t have c:\users and .exe :laughing:


#16

No, but we have you @cyberdexter - after today’s antics that was enough :stuck_out_tongue:


#17

…points at @nemesio - it’s all his fault, everything!


#18

I’ve found that the most serious issues can typically be isolated to the area between the keyboard and the chair.


#19

[image]