US cops pay Bitcoin extortion money to decrypt files held hostage by hackers

Local police departments and the Sheriff’s office became victims of a computer virus and had to pay $318 in extortion money to the hackers to get their files decrypted.

A fumble by the cops in Maine, US, has allowed software hackers to make money by requiring law enforcement to pay up to decrypt files held hostage by them.

The sheriff’s office and the police departments in Damariscotta, Waldoboro, Wiscasset and Boothbay Harbor in Lincoln County share a common computer network run by Burgess Computer. In March, that network fell victim to the Megacode ransomware, which encrypted their files and made them unreadable. The attackers demanded a Bitcoin ransom to decrypt them.

The virus is believed to have arrived as an email, which a user of the server unknowingly opened. In all likelihood, the user was then directed to a link, which in turn downloaded the virus onto the server, Lincoln County Sheriff Todd Brackett said.

This sort of malware typically searches computers and networks for documents, generates a random encryption key for each file, encrypts the file with that key, and then encrypts the per-file keys with a public key whose matching private key only the criminals hold. Recovering the files requires that private key, and the criminals charge money for it, effectively holding the information to ransom. Victims are given a few days to pay before the private key is deleted forever.

The police in Maine finally decided to pay the $300 ransom in Bitcoin to the perpetrators after a couple of days of failed attempts to restore the encrypted files.

Despite falling prey to the computer virus that encrypted local law enforcement computers, Lincoln County Sheriff Todd Brackett said there were several bright spots from an unfortunate incident.

“No personal data was mined — it looks like they didn’t take any information,” he said. “We had to pay the ransom, but it looks like nothing was extracted from the server.”

Brackett said the idea of paying extortion money to the software hacker did not appeal to the sheriff’s office, but that Burgess Computer paid the ransom, the equivalent of 300 euros ($318) in Bitcoin, to a European bank account.

“Paying a ransom — let’s say it goes against the grain,” he said. “We tried to find a way around it, but in the end our IT guys and Burgess recommended just paying the ransom.”

Brackett said that the sheriff’s office regained access to the decrypted files six to eight hours after the ransom was paid.

But there were more positives to come from the incident, Brackett said.

Now that the department is aware of such scams and knows how to deal with them, it will provide more training on the subject.

“We’ll have more virus protection training where we go over how to tell if something might be a virus,” Brackett said. “Sometimes, it’s hard to tell, but you’ve got to keep an eye out for some of these documents that people [email] you. Sometimes it can be hard to tell if it contains a virus.”

While the infection itself came down to human error, the ransom demand also exposed a flaw in how the server was backed up, Brackett said. From now on the backup server will be able to replace a compromised server, so the department would have a way to keep working without paying a ransom, he added.
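One defensive check that follows from the encryption scheme described above and from the backup problem Brackett mentions, added here as an example that is not part of the original article: a scan that flags files in a backup snapshot which have lost their expected file signature or look like random ciphertext, so that nobody tries to restore from a copy that was itself already encrypted. The signature table, threshold and sample files are constructed for the example.

```python
import math
import os
import tempfile
from collections import Counter

# Constructed table of expected leading bytes (assumption: extend for your inventory).
MAGIC = {
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".pdf": b"%PDF",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext or random data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample_size: int = 4096, threshold: float = 7.5) -> bool:
    """A known document type that has lost its signature is flagged outright;
    otherwise the leading bytes are flagged when they are near-random."""
    with open(path, "rb") as f:
        head = f.read(sample_size)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        return not head.startswith(magic)
    return shannon_entropy(head) >= threshold

def scan_tree(root: str) -> list[str]:
    """Return every file under root that looks encrypted, sorted by path."""
    flagged = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if looks_encrypted(path):
                flagged.append(path)
    return sorted(flagged)

def demo() -> dict[str, bool]:
    """Constructed snapshot: one intact PDF and one .docx overwritten with ciphertext."""
    root = tempfile.mkdtemp()
    good = os.path.join(root, "report.pdf")
    bad = os.path.join(root, "budget.docx")
    with open(good, "wb") as f:
        f.write(b"%PDF-1.4\n" + b"Incident report text. " * 50)
    with open(bad, "wb") as f:
        f.write(os.urandom(4096))  # stands in for an encrypted document
    flagged = set(scan_tree(root))
    return {"report.pdf": good in flagged, "budget.docx": bad in flagged}
```

Compressed or media formats with no entry in the table score high entropy by nature, so add their signatures before trusting the result on a real snapshot.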

“It’s possible there’s another virus that’s just sitting dormant somewhere on our server,” he said. “We’ll be checking hard drives in all the departments, but it really wouldn’t surprise me if there was another (virus) sitting dormant.

“But I feel much better knowing we have a back-up.”

Maine’s police are not the only ones to have been caught out by ransomware. Police in Massachusetts paid up in a similar situation last week, and it was not the first time they had been targeted.

The FBI is now offering millions in reward money to catch the hackers behind some ransomware. That is cheaper than financing police ransom payments; paying extortion money to the perpetrators, however, is no long-term solution.

In the meantime, never open an attachment or download from an untrusted source.