Police department defiant despite crippling CryptoWall ransom attack

Durham Police fights back with backups

Another US police department has had its computer systems brought to their knees by a ransom Trojan, but this one has made it clear that it has no plans to pay the criminals to get lost files back.

According to local press reports, the victim this time is the Police Department in the New Hampshire town of Durham, which had to lock down its systems last Friday after a member of staff opened an attachment infected with the CryptoWall Trojan that had arrived by email.

It appears that chaos ensued overnight as the infection spread with the department forced to isolate its system by noon the next day. Despite this, it sounds as if the infection could have been much worse in terms of lost data.

"The functions affected are the police email system, and word processing, as well as spreadsheets, Excel and other administrative tasks," town administrator Todd Selig was quoted as saying by media.

"The crime records are not affected. We do back up all of our systems, so we will work to restore what may be lost," he said.

Selig didn't specify the ransom demanded by the malware but CryptoWall typically asks for between $500 (£300) and $1,000 in Bitcoins.

Separately, Durham Police Chief Dave Kurz said that the effect of the malware was more inconvenient than long term because the Department had backups for all its files.

"It's more of an inconvenience and lost work time for staff because nobody is able to use their computer," he said.

The significance of the incident is subtler - the police department has no plans to pay the ransom under any circumstances.

Normally, the idea of public officials paying criminals would be hugely problematic, but Selig is no doubt aware of an incident from last year in which the police department in nearby Swansea, Massachusetts did exactly that, reportedly coughing up $750 in an attempt to retrieve files after experiencing an infection by CryptoWall's better-known rival, CryptoLocker.

The decision to pay was controversial, and rightly so. Of course, in this case there are backups so there is no need to consider that option.

"Make no mistake, the Town of Durham will be paying no ransom. Our capable technology staff and third-party contractors will guide us through this unfortunate incident," Selig told media.

CryptoLocker was, coincidentally, temporarily defused last week after the disruption of the Gameover Zeus botnet used to distribute it, but copycat program CryptoWall appears more than capable of taking its place as malware public enemy number one.


Stories by John E Dunn
