A police department in Massachusetts has paid $750 for two bitcoins to release files encrypted by the increasingly pervasive Cryptolocker ransomware.

CryptoLocker Ransomware Trojan Bitcoin Payment Page
The CryptoLocker Ransomware holds your files to ransom unless you pay two Bitcoins before the time limit of 72 hours. After that, it costs 10 Bitcoins.

A computer in the police department of Swansea, Massachusetts was hit by the CryptoLocker ransomware on 6 November.

CryptoLocker is a particularly pernicious piece of malware that is typically spread as a malicious attachment in emails which look to come from financial institutions or postal services.

The malware infected the computer in the Swansea police department and encrypted files on the PC's hard drive including "images and word documents" which could include police reports and arrest photos of suspects.

The police department clearly had no backup system in place as it paid the ransom of two bitcoins, despite FBI guidance not to pay the cyber-criminals behind the attack. At the time two bitcoins were worth $750 but if the police had to pay up today, the price would be $1,300 as bitcoin's vlaue has risen considerably in recent weeks.

Learning experience

"It was an education for [those who] had to deal with it. [The malware] is so complicated and successful that you have to buy these bitcoins, which we had never heard of," Swansea Police Lt. Gregory Ryan told the Herald News in Massachusetts.

"We've upgraded our antivirus software. We're going to try to tighten the belt, and have experts come in, but as all computer experts say, there is no foolproof way to lock your system down."

Last Friday, the UK's National Crime Agency issued an alert that spam emails appearing to come from banks and financial institutions are being sent to tens of millions of UK consumers. In the US, consumers receive emails claiming to be from FedEx or UPS.

How CryptoLocker works

The ransomware only affects Windows PCs and not Macs, scanning hard drive, attached drives such as USB sticks, and even cloud storage accounts like DropBox, for a wide range of file types.

Once it discovers the files, the malware encrypts them and displays a countdown timer, giving the victim a limited amount of time to pay up or see their files encrypted forever.

The user has 72 hours to pay the ransom fee, using bitcoins, otherwise the files will be deleted permanently, although as of 15 November the malware developers are now accepting late payments of 10 bitcoins after the countdown ends.

Don't pay

Security company Bitdefenders Labs has discovered that over 12,000 victims have been claimed globally in the week between 27 October and 1 November.

The National Crime Agency, like the FBI in the US, does not advise users to pay the ransom, as there is no guarantee that payments will be honoured.

Concerned users can download a free tool from Bitdefenders to block the CryptoLocker ransomware here.