Faced with CryptoLocker, Local Police Pay the Ransom

Recently afflicted with the notorious CryptoLocker ransomware, the department paid two Bitcoins to liberate its files, which was the equivalent that day of $750.

Swansea Police Lt. Gregory Ryan told the local Fall River Herald Tribune that no files were compromised and that the police report/booking software was unaffected by the attack. However, the lack of cyber-education was clear in his other comments: “It was an education for those who had to deal with it,” he said. “[The virus] is so complicated and successful that you have to buy these Bitcoins, which we had never heard of.”

The Swansea Police Department was hit on Nov. 6; and it bought the key and decrypted the files on Nov. 10. Since then it has improved its anti-virus protection, but Ryan noted that he believes “there is no foolproof way to lock your system down.”

CryptoLocker differs from earlier types of ransomware, which professionals could usually clean off a machine fairly easily, after which the files could be recovered. Removing CryptoLocker itself is no harder, but removal recovers nothing: the files stay encrypted, and there is essentially no remediation path short of time-consuming and painstaking efforts, or restoring from backups the malware could not reach. The reason is its use of public-key cryptography. The malware encrypts a wide range of file types, such as images, documents and spreadsheets, on every drive and in every folder the compromised computer can access, including mapped network shares, using a public key whose matching private key never leaves the attackers' servers.

The malware then offers to sell the victim the private key, unique to that machine, that unlocks the encrypted files. A pay page with a countdown clock appears, giving the victim a limited time to buy the key.

A two-Bitcoin ransom seems to be the norm for this malware; since Bitcoin is an online currency with a fluctuating valuation, the dollar cost varies. Last month two Bitcoins were worth half of what they are this week. Whatever the amount, if the ransom goes unpaid the criminals destroy the private key when the countdown expires, so it is lost forever and the files cannot be recovered by ordinary software techniques.

On the other hand, there is no guarantee that the perpetrators will honor a payment. In Swansea PD's case, they did.
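To make concrete why cleaning the malware off a machine recovers nothing, here is an added, in-memory Go example of the hybrid scheme described above. It is not CryptoLocker's code and does not come from the article; the cipher choices (RSA-OAEP to wrap a per-file AES-256-GCM key) are a simplification, the sample document is constructed, and every function name is an assumption. The attackers' server generates an RSA key pair per victim and ships only the public half; the infected machine encrypts each file with a fresh random AES key, wraps that key with the public key, and discards the plaintext key. The demo shows that the attackers' private key recovers the data and that any other key does not, which is why destroying the private key after the deadline leaves the files unrecoverable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is all that remains of a document after a CryptoLocker-style
// attack: ciphertext, nonce, and the per-file AES key wrapped with the
// attackers' RSA public key. The RSA private key is never on the victim side.
type EncryptedFile struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// newAttackerKeyPair stands in for the attackers' server generating a
// per-victim RSA key pair (hypothetical helper; only the public half is sent).
func newAttackerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptWithPublicKey does what the infected machine does to each file:
// fresh random AES-256 key, AES-GCM for the data, RSA-OAEP to wrap the key.
// The plaintext AES key is zeroed before returning, so nothing left on the
// victim's machine can undo the encryption.
func encryptWithPublicKey(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	for i := range fileKey { // discard the only unwrapped copy of the file key
		fileKey[i] = 0
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// decryptWithPrivateKey is the "decryptor" a paying victim receives: it
// unwraps the file key with the RSA private key, then decrypts the data.
// With any other key the OAEP unwrap fails and the data stays opaque.
func decryptWithPrivateKey(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong or missing private key")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

// runDemo walks the scenario on a constructed sample document and reports
// whether the attackers' key recovers it and whether a different key fails.
func runDemo() (recovered bool, wrongKeyFails bool, err error) {
	sample := []byte("constructed sample: contents of a spreadsheet on the shared drive")
	attackerKey, err := newAttackerKeyPair()
	if err != nil {
		return false, false, err
	}
	ef, err := encryptWithPublicKey(&attackerKey.PublicKey, sample)
	if err != nil {
		return false, false, err
	}
	plain, err := decryptWithPrivateKey(attackerKey, ef) // victim paid, got the key
	recovered = err == nil && string(plain) == string(sample)
	otherKey, err := newAttackerKeyPair() // deadline passed, original key destroyed
	if err != nil {
		return false, false, err
	}
	_, err = decryptWithPrivateKey(otherKey, ef)
	wrongKeyFails = err != nil
	return recovered, wrongKeyFails, nil
}

func main() {
	ok, fails, _ := runDemo()
	fmt.Println("recovered with the attackers' private key:", ok)
	fmt.Println("recovery fails with any other key:", fails)
}
```

The point to take from the demo is structural rather than cryptographic: the only secret that matters is generated and kept on the attackers' side, so antivirus cleanup, forensic recovery of the malware binary, or brute force against the symmetric layer gets a victim nowhere. The practical defense is a backup the infected account could not write to.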

CryptoLocker is spreading rapidly, and was recently reported to be hitting millions in the UK via a spam vector. More locally, Matt Fernandes, owner of local Somerset, Mass.-based computer shop WaveOne Technologies, told the Herald News that he’s seeing five to 10 customers come in per week with the infection. He called the virus the “worst I’ve ever seen.”
