More police departments acknowledge paying ransom to unlock their systems

And yet more police departments pay ransom to unlock their systems. WCSH in Maine reports:

Lincoln County Sheriff Todd Brackett said four towns and the county have a special computer network to share files and records. Someone accidentally downloaded a virus, called “megacode”, that put an encryption code on all the computer data.

The Sheriff said it basically made the system unusable, until they paid a ransom fee of about $300 to the creator of the virus.

[…]

And those Midcoast departments aren’t the only law enforcement victims. The Houlton Police Department was also hit by the same or similar virus early this week, and it locked up all their files. Chief Terry McKenna said they, too, were forced to pay the ransom to get their computer data restored

Read more on WCSH.

So now that they’ve publicly admitted that they’ve paid ransom to unlock their files, are they more likely to get hit again?  Can they really be sure their employees won’t fall for the next malware attempt?

There’s no doubt that this is a growing problem – or that at least departments are being more transparent in reporting it. Earlier this week, I noted the Tewksbury Police Department case in Massachusetts, but there have been others, too, as the Boston Globe reported:

Among other small-town police forces hit was the Swansea Police Department. It fell victim to the same threat in November 2013 and paid $750 to get its files back.

The police department in the Chicago suburb of Midlothian paid $500 in January. In Dickson County, Tenn., the sheriff’s office came under attack in October. Despite seeking aid from the FBI, the agency ended up paying $572 in ransom.

Not all departments pay the ransom – and some, thankfully, don’t need to:

But in Durham, N.H., Police Chief Dave Kurz chose not to pay because the department had backed up the encrypted information and could work around the seized database.

“We had to clean essentially all the computers, but all of our data was prepared,” Kurz said.

Others refuse to pay but lose their data:

The four-member police force in Collinsville, Ala., was hit in June, with the hackers demanding $500 to free up a database of mugshots. Chief Gary Bowen dug in, refused to pay, and never got his department’s files back.

“There was no way we were going to succumb to what felt like terrorist threats,” Bowen said.

Obviously, it would be much better if more departments were as prepared as the Durham, NH police were. Because what are all these departments going to do when the attackers start asking for even more money?  And what happens when the criminals start really hitting the k-12 systems? Will the districts pay ransom rather than be brought to their knees by locked files?

In related and helpful news, Charlie Osborne reports that Scraper ransomware has been broken, allowing for victims to circumvent payment and access their locked data.

About the author: Dissent