Police departments are regular victims of ransomware viruses. And from numerous news items we see that police departments regularly pay to hackers. We’ve heard of a government rule of not paying ransoms to criminals, but it is not working at all. What’s wrong with the system?
To serve and protect their motto is. How can they protect us if they cannot protect themselves? Crime is moving from the streets to computers. Although special agencies should take care of cyber crime, police should adapt and play its role too. At least they should be able to protect themselves in order to be able to keep records of offline crime and stop offline crime. If we can’t rely on the people enforcing our laws to stand up to criminals, then we’re in trouble.
Police payment cases grow every month. Ransom amounts were not big initially but they are now growing. Here is a list of cases.
- Swansea, Massachusetts, November 2013, paid $750
- Dickson, Tennessee, October 2014, paid $572
- Tewksbury, Massachusetts, December 2014, paid $500
- Midlothian, Illinois, January 2015, paid $500
- Lincoln County, Maine, April 2015, paid $300
- Melrose, Massachusetts, February 2016, paid $489
- Berryville, Arkansas, December 2016, paid $2,400
In many cases, we see that even basic infosec measures are not met.
Bellow are shocking comments from police officers.
Swansea Police Lt. Gregory Ryan:
“We’ve upgraded our antivirus software.”
Why wasn’t that done before? These are minimum measures every child should know. In the Internet era, do they have IT procedures at all?
Swansea Police Lt. Gregory Ryan:
“It was an education for those who had to deal with it.”
The Tewksbury Police Department Chief Timothy Sheehan:
“It was an eye opening experience, I can tell you right now. It made you feel that you lost control of everything. Paying the Bitcoin ransom was the last resort.”
So, they are still unaware of Internet and are still learning how to be safe? Have they heard of online breaches? Why do policemen still click on attachments in emails? This is the oldest well-known infection method for all viruses not only ransomware. Education and testing should have been taken place before. Systematical cyber security learning courses should have been carried out. What are they doing in this direction?
Swansea Police Lt. Gregory Ryan:
“The virus is so complicated and successful that you have to buy these Bitcoins, which we had never heard of.”
They know nothing of Bitcoins and say it is so complicated virus. What do they know at all about the Internet? Even children know about Bitcoins. It’s not just paying the ransom, sending the Bitcoins to hackers is clearly a money laundering scheme officers are helping with. Do they know from whom they bought those Bitcoins and where funds will go? More and more ransomware cases show that funds help to launch bigger spam campaigns and create more computer viruses.
The Tewksbury Police Department Chief Timothy Sheehan:
“This isn’t a breach. The data stays interior, but this virus encrypts it and prevents it from being readable.”
Swansea Police Lt. Gregory Ryan:
“No outside parties gained access to any personal information, and that the police department did not lose any files. We were never compromised.”
Never compromised? Hackers planted a virus and managed to encrypt files. Ransomware needs to communicate with its Command and Control servers to encrypt data. Encryption keys were sent back and forth. Are they 100% sure other data was not sent out? How do they know that no vital data was lost or stolen? Xbot ransomware for example which is 3-in-1 – seals data, encrypts data and is a banking Trojan.Any virus does not come alone. It drops backdoors, key-loggers, rootkits. You never know until you rebuild the system completely. Have they done it?
Sheriff Jeff Bledsoe, Dickson County, Tennessee:
“Although a substantial portion of the data encrypted on the report management server was able to be restored from backups, there were still approximately 72,000 files affected on the host computer. Documents vital to our ongoing investigations, booking documents, records, records of issued equipment, documents related to current and past prosecutions and other non-replaceable documents.”
They lack policies, important data should be kept in backups. Backups should be a standard operating procedure in all police/government offices. You don’t run a police department by the seat of your hmmm, you check and double-check everything that has to do with evidence or records. It is sad that only half of police departments have policies in place to reduce the risk of cyberattacks.
