Hackers use Cryptoware ransomware to encrypt Midlothian Police Department Database and get paid by the Police to decrypt it
Midlothian, a south suburban village in the United States, was in the middle of a cyber attack in January when its police department was hit by ransomware called Cryptoware. The hackers who had injected Cryptoware to encrypt the files of the Midlothian police demanded a ransom of an unknown amount of bitcoins, which the police department paid.
While the exact amount of ransom paid is not known, Calvin Harden Jr., an IT vendor who works with the village, reported that the police had paid $500, while the villagers seem to differ and told reporters that $606.00 was paid to the hackers. In all probability, an amount of 2 Bitcoins was paid to the hackers.
According to Harden, the hackers didn’t access the Police Department information but merely shut it down and made it inaccessible. “It didn’t encrypt everything in the police department. It was just that computer and specific files,” not the entire system, Harden said.
The Midlothian Police Department was infected when one of the police officers opened a spear-phishing email that contained the Cryptoware malware, allowing it to lock down the PD computer, Harden said.
A message popped up on the machine demanding money in exchange for a decryption code that would return access, Harden said.
This is not the first time hackers have targeted a government agency. In November 2014, hackers managed to encrypt the database of the entire city of Detroit, which we had reported.
Both the Federal Trade Commission and the FBI issued a public warning to consumers and businesses about the virus last year after the Sony hack attack, saying it’s “essentially extortion.”
Midlothian Police Chief Harold Kaufman confirmed that the department had been hacked but refused to comment on why the Police had paid the ransom.
Kaufman, Midlothian’s mayor also refused to comment on this aspect, while an FBI spokesperson said that they were unaware of this cyber attack.
Midlothian village officials released a copy of the town’s invoice “for MPD virus,” which shows the village sent a $606 money order to a bitcoin cafe in New York to transmit the money to the hacker. The payment included bank fees and surcharges. Police officials initially tried a wire transfer through Bank of America, Harden said, but couldn’t.
The village had to make a difficult decision whether to comply with the demand, Harden said, and chose to because a pursuit of the hacker might have been more trouble than it’s worth. “Because the backups were also infected, the option was to pay the hacker and get the files unencrypted,” Harden said, “which is what we decided to do.”