Backup data useless, encrypted with the rest of the files

Feb 23, 2015 07:32 GMT

The police department of the village of Midlothian, Illinois, has been hit by ransomware with file-encryption capabilities and was forced to succumb to the demands of the hackers in order to retrieve important police records.

The incident occurred in January, when someone in the department opened a fraudulent email that pointed to the malicious software.

This is not an isolated case

In typical ransomware fashion, specific files, multiple document types in particular, were immediately encrypted, with the decoding key remaining in the possession of the cybercriminals.

When the file-locking task completed, a ransom message popped up listing the payment options and the amount of the fee.

Such an incident is not a first among police departments in the US, and the decision to pay the hacker is not unprecedented either.

In October last year, the Sheriff’s Office in Dickson County, Tennessee, paid $500 / €440 to the cybercriminals to receive the key for unlocking a total of 72,000 files.

The next month, the Swansea Police Department made the same decision when one of its computers was infected with the infamous Cryptolocker.

However, there are also cases where the hackers’ demands were not satisfied. When Cryptowall affected the records of the police department in Durham, New Hampshire, the officers were able to avoid paying the money because a backup of all the data was available in a safe place.

In Collinsville, Alabama, US, the police refused to give in, despite the fact that no backup was available for the data.

File backups were also encrypted

In the case of Midlothian PD, safe copies of the data had been created, but unfortunately they were stored within reach of the malware and were included in the malicious encryption process. As such, the only hope of regaining access to them was to pay the $606 / €533 asked by the cybercriminals in bitcoin digital currency, the Chicago Tribune reports.

Security experts’ recommendation when it comes to crypto-malware infection is not to pay the ransom fee. If no money is to be made from this practice, cyber-crooks will be discouraged from carrying out this type of attack.

Avoiding losses caused by this type of malware involves creating a backup system that places the safe copies in a location isolated from the workstations, or one that has strict rules regulating which processes and users have write permissions.