Cyber criminals targeting a police station in the US successfully stole an encryption key used to access vital incident response-logging software and, in a ransom-style ultimatum, charged a fee for its release. However, unlike previous attacks of this nature, the hackers chose not to demand thousands of dollars, and instead charged the cops just one bitcoin.
The software in question, known as TriTech, allows law enforcement officers to process records remotely while on patrol using laptops and has been adopted by some US police departments to increase efficiency. However, the system became locked down when Melrose Police Station in Massachusetts, US, was hit with a targeted cyber attack on 25 February.
The attack came in the form of a phishing email sent to the entire police department, Police Chief Michael Lyle told the Melrose Free Press, setting off a virus that infected the department's software.
The department called in IT director Jorge Pazos, who quickly realised the hackers were demanding a single bitcoin (worth roughly $450, £320) to release the encryption key. The ransom was duly paid, and police were then able to regain control of the software on the Saturday of the same week.
Bitcoin is a virtual cryptocurrency that is used in online trading. However, the currency is also frequently relied upon by hackers and cyber criminals to hold targets to ransom as it allows them to be paid anonymously. According to Lieutenant Mark DeCroteau, no data was compromised or left exposed during the attack, although officers did shut down the TriTech system until the problem was resolved. The department still had access to other systems that search criminal databases and find outstanding warrants, he added.
What is ransomware?
Ransomware-based cyber attacks are becoming increasingly popular with hackers. Traditionally, the tool locks down everything on a computer system until a fee is paid – usually in bitcoin – to release the encrypted data.
These kinds of attacks represent a threat to businesses and individuals alike. Most can be avoided by taking security precautions like installing antivirus software, connecting to a VPN when online, and not clicking on any suspicious links or downloads.
Most recently, a widespread attack hit a US hospital and the hackers responsible gained control of a slew of systems including computer networks that stored patient data and crucial lab work. For their part, the hackers – or hacker – demanded over 9,000 bitcoins, which is the equivalent of $3m. Eventually, the Los Angeles facility paid $17,000 to regain access.
Following this incident, Troy Gill, manager of security research at US-based security firm AppRiver, told the IBTimes UK that paying criminals should be avoided when possible. "Keep in mind that the only reason these thieves keep making these attacks is because people are paying them," he said.
"If all of the victims stopped paying ransoms, they wouldn't have a successful business model, whose core objective is to steal your money. Just remember, there is no honour amongst thieves so don't be surprised if they take your money and never give you the key to unlock your files."