Tewksbury, Massachusetts Police Latest to Get Cryptolocked
One would think that the police would understand security. After all, security is what they do. But time after time, hackers have been able not only to invade police networks, but then to install Cryptolocker or similar software and hold the files hostage until the police pay in bitcoins.
Database Bailed Out of Crypto-lockup
The police department of the little town of Tewksbury, Massachusetts, holds the honor of the Cryptolocker Victim of The Week. Either through a regular phishing attack or a direct intrusion, an instance of Cryptolocker was installed on a computer they deemed valuable enough to bail out.
On April 4th, the Tewksbury Town Crier reported that back in December, actually prior to the very similar attack in Illinois, police systems were down for up to four days while the department tried to call in the cavalry (Department of Homeland Security, FBI, and State Police) to get their drives decrypted without paying the ransom. In the end, they paid the ransom.
The software described by the police was worm-like: it entered through a high level of access, specifically the computer of the officer in charge, and then sought out the biggest store of data it could find. Once there, it locked the data up and put up a paywall, demanding $500 in bitcoins or else the files would never be decrypted. Perhaps one day in the distant future, such a scenario will sound like a joke if quantum computing ever becomes a commonplace fixture in the government arsenal. But for now, the fact of the matter is that this very thing could happen to anyone, anywhere.
Clearly, unsecured networks, or more rightly, networks whose operators believe they are immune to outside threats because they are authority figures, are far more vulnerable. But encryption is a serious matter, and once something is encrypted, only he who has the private key can decrypt it. And if he says you have to give him a bunch of bitcoins in order for it to happen, that’s what you have to do. At least that’s what the Tewksbury Police decided after higher-level police organizations proved unable to help them.
Sometimes the Files are Left to Rot
It doesn’t always work out the way the hackers plan, however. There was the episode in Detroit where they encrypted the wrong drive, and the department decided that the files simply weren’t important enough to pay for or even worry about. Just delete and carry on, hopefully with better security.
At this point, if you fall victim to a phishing attack that was not extremely difficult to detect, you might just need to learn a life lesson.
Always ensure that the e-mail you’re reading really is from the sender it claims to be from. If it claims to be from a legitimate business, but they’re asking you to do something out of the ordinary, check with them via phone. Avoid saving passwords in your standard browser password locker, as the database is unencrypted. A smart phishing attack can therefore instantly capture a nice tidy table of your user accounts. If you must save your passwords somewhere, follow this guide or use something like LastPass.