Maine cops pay Bitcoin ransom to end office hostage drama

island14 · 04-14-2015, 10:59am

Quote:

Blundering cops in Maine, US, have enriched malware masterminds by paying up to decrypt files held hostage by ransomware.

Four city police departments and a sheriff's office in Lincoln County share a common computer network run by Burgess Computer, which hosts the plods' administrative files.

Then one day the entire system was encrypted by the Megacode ransomware, which scrambles documents and demands Bitcoins to decrypt them.

This sort of malware typically scans computers and networks for documents, generates a random encryption key per file, uses those to encrypt the data, and then encrypts the keys using a public-private key pair. Only the crims have the private key needed to unscramble the documents, and it costs money to obtain that, effectively holding the information to ransom. Victims have a few days to pay up before the private key is deleted forever.

After trying to restore the encrypted files for a couple of days, the police in Maine decided to pay the $300 ransom in Bitcoins.

"Paying a ransom - let's say it goes against the grain," Sheriff Todd Brackett told the Boothbay Register. "We tried to find a way around it, but in the end our IT guys and Burgess recommended just paying the ransom."

The infection kicked off when someone on the police network ran an executable downloaded from the web via a link in an email, it's believed. This installed the malware, which spread to the main server and began encrypting all the data it could find.

"We'll have more virus protection training where we go over how to tell if something might be a virus," Brackett said. "Sometimes, it's hard to tell, but you've got to keep an eye out for some of these documents that people [email] you. Sometimes it can be hard to tell if it contains a virus."

The normal way of dealing with ransomware is a complete disk wipe followed by a reloading of offline backup files, but in this case the backup system hadn't worked properly, so the cops had no choice but to pony up the digital cash.

"No personal data was mined - it looks like they didn't take any information," Brackett said. "We had to pay the ransom, but it looks like nothing was extracted from the server."

While the infection has caused red faces, Maine's police are not alone in getting caught out by ransomware. Cops in Massachusetts were forced to pay up in a similar situation last week, and it's not the first time they have been stung.

The problem with ransomware is getting much worse these days, as malware writers have cottoned on to the fact that it's easier to get paid a ransom rather than have to go through all the tricky business of stealing identities from stolen information, or risk selling that information on forums.

The FBI is now offering millions in reward money to catch the crooks behind some ransomware. That's cheaper than funding police ransom payments, but giving criminals money isn’t a long-term solution.

In the meantime, never, ever execute an attachment or download from an untrusted source

http://www.theregister.co.uk/2015/04/13/us_police_ransomware/

Same thing as happened to Spence a few weeks ago I think..

Just in case... I now leave my back up unplugged from the computer

Kerrmudgeon · 04-14-2015, 11:02am

Better call......

Madmikeee · 04-14-2015, 12:01pm

Whoever runs these Departments needs to be shitcanned. Seriously, What proper IT Dept doesn't have backups?

mrvette · 04-14-2015, 12:09pm

Call my Son's wife.....she fix it in about 2 nanoseconds....seemingly, anyway....

lspencer534 · 04-14-2015, 12:42pm

Yep, that the same stuff I had a few weeks ago. I refuse to pay a ransom to anybody; instead I bough a refurbished Dell from WalMart for $129 plus tax. Not only did I save money by not paying a ransom, I got a new computer to replace my aging six-year-old computer.

69camfrk · 04-14-2015, 1:12pm

I got hit by that shit a few months ago. Fuggers got everything, but not one dime of my money. Some of my stuff was backed up, so no big deal. Lost a few pictures, and other things are stashed elswehere. Hope they weren't counting on me to pay them.....

island14 · 04-14-2015, 1:12pm

Quote:

Originally Posted by lspencer534

Yep, that the same stuff I had a few weeks ago. I refuse to pay a ransom to anybody; instead I bough a refurbished Dell from WalMart for $129 plus tax. Not only did I save money by not paying a ransom, I got a new computer to replace my aging six-year-old computer.

And the parts from your old one will be an upgrade for me..

Kerrmudgeon · 04-14-2015, 1:28pm

Geez, that's two members of this forum??? I hope they aren't targeting TVB, you know, with all the high rollers here.

lspencer534 · 04-14-2015, 2:22pm

Quote:

Originally Posted by Kerrmudgeon

Geez, that's two members of this forum??? I hope they aren't targeting TVB, you know, with all the high rollers here.

I too hope they aren't targeting members here. I have never, ever looked at an e-mail or its attachment unless I recognized the sender. My anti-virus never finds anything dangerous, although it does remove a few cookies. How I got the virus I'll never know.

69camfrk · 04-14-2015, 2:41pm

Quote:

Originally Posted by lspencer534

I too hope they aren't targeting members here. I have never, ever looked at an e-mail or its attachment unless I recognized the sender. My anti-virus never finds anything dangerous, although it does remove a few cookies. How I got the virus I'll never know.

Maybe we got it from that shitty bottle of booze (what I really mean is first class stuff) I sent you? Just sayin'!

island14 · 04-14-2015, 2:47pm

Quote:

Originally Posted by lspencer534

I too hope they aren't targeting members here. I have never, ever looked at an e-mail or its attachment unless I recognized the sender. My anti-virus never finds anything dangerous, although it does remove a few cookies. How I got the virus I'll never know.

I never got anything from the barbie links you posted..

Serious though.. I do not even use a internet condom.. and hard to say where you got it.. it's nothing to be embarrassed about like catching the clap.

And no worries about getting it here... if they were targeting people here, someone would catch on quick! as we have quite a few really net savy people here..

I use to use AVG free, but the computer I am using these days is too slow to use it as they have to update daily and uses up a lot of resources.

I'm just careful about where I go and what I do on the net, but download pdf manuals all the time without worries.

But I never ever open email attachments from anyone! as even trusted people you personally know.. get their emails hijacked all of the time.

island14 · 04-14-2015, 2:50pm

Quote:

Originally Posted by 69camfrk

Maybe we got it from that shitty bottle of booze (what I really mean is first class stuff) I sent you? Just sayin'!

Shitty Rhum is much safer..

lspencer534 · 04-14-2015, 2:52pm

Quote:

Originally Posted by 69camfrk

Maybe we got it from that shitty bottle of booze (what I really mean is first class stuff) I sent you? Just sayin'!

Nope...I couldn't even find the computer after drinking that.

Madmikeee · 04-14-2015, 3:36pm

FYI most people get the cryptolocker from Ads. They are embedded in the ad, especially video ads.If you go to naughty sites especially.
Google is HORRIBLE with their Ad security so that is where most of these assholes dump their malware/virus infected ads and videos.

Download adblocker plus. Kills ads dead. ALWAYS keep backups of your valuable info, pictures, videos and music on a separate drive with NO links to your network attached devices as cryptolocker will go through EVERY mapped drive or shortcut it can.

island14 · 04-14-2015, 5:43pm

Quote:

Originally Posted by Madmikeee

FYI most people get the cryptolocker from Ads. They are embedded in the ad, especially video ads.If you go to naughty sites especially.
Google is HORRIBLE with their Ad security so that is where most of these assholes dump their malware/virus infected ads and videos.

Download adblocker plus. Kills ads dead. ALWAYS keep backups of your valuable info, pictures, videos and music on a separate drive with NO links to your network attached devices as cryptolocker will go through EVERY mapped drive or shortcut it can.

I block anything that are downloads ads from google adsense from being posted on any of my websites as over time too may people clicked on those ads thinking it was the download link to a manual..

I always thought google policed their ads fairly well though.. but quit using Clicksor for that very reason..

Also found that once you put their ad scripts in your page, they tend to duplicate themself and make it hard to get rid of Clicksor..

If even one of my customers gets drama... this is not good for me..

For my own surfing.. I use a Mozilla app called Bluhell, that blocks all ads, mainly to save page load times as I have a really slow internet connect here.

Support the Barn:		Download the Mobile App;		Follow us on Facebook: