Police department defiant despite crippling CryptoWall ransom attack

Durham Police fights back with backups

Another US police department has had its computer systems brought to their knees by a ransom Trojan, but this one has made it clear that it has no plans to pay the criminals to get lost files back.

According to local press reports, the victim this time is the Police Department in the New Hampshire town of Durham, which had to lock down its systems last Friday after a member of staff opened an attachment infected with the CryptoWall Trojan that had arrived by email.

It appears that chaos ensued overnight as the infection spread with the department forced to isolate its system by noon the next day. Despite this, it sounds as if the infection could have been much worse in terms of lost data.

"The functions affected are the police email system, and word processing, as well as spreadsheets, Excel and other administrative tasks," town administrator Todd Selig was quoted as saying by media.

"The crime records are not affected. We do back up all of our systems, so we will work to restore what may be lost," he said.

Selig didn't specify the ransom demanded by the malware but CryptoWall typically asks for between $500 (£300) and $1,000 in Bitcoins.

Separately, Durham Police Chief Dave Kurz said that the effect of the malware was more inconvenient than long term because the Depratment had backups for all its files.

"It's more of an inconvenience and lost work time for staff because nobody is able to use their computer," he said.

The significance of the incident is subtler - the police department has no plans to pay the ransom under any circumstances.

Normally, the idea of public officials paying criminals would be hugely problematic, but Selig is no doubt aware of an incident from last year in which the police department in nearby Swansea Massachusetts did exactly that, reportedly coughing up $750 in an attempt to retrieve files after experiencing an infection by CryptoWall's better known rival, CryptoLocker.

The decision to pay was controversial, and rightly so. Of course, in this case there are backups so there is no need to consider that option.

"Make no mistake, the Town of Durham will be paying no ransom. Our capable technology staff and third-party contractors will guide us through this unfortunate incident," Selig told media.

CryptoLocker was, coincidentally, temporarily defused last week after the disruption of the Gameover Zeus botnet used to distribute it, but copycat program CryptoWall appears more than capable to taking its place as malware public enemy number one.