Sheriff's department files held for ransom by malware
Odd_News | Nov. 13, 2014 | Ben Hooper

Posted on 11/14/2014 7:01:23 AM PST by Brother Cracker

DICKSON, Tenn., - A Tennessee sheriff's department said it paid more than $500 ransom to release files locked away by malicious software accidentally downloaded into the system.

Detective Jeff McCliss, IT director for the Dickson County Sheriff's Office, said the "Cryptowall" program was installed into the department's computer system in late October when someone streaming local radio station WDKN accidentally clicked on a rotating ad that had been infected with the malware.

McCliss and Sheriff Jeff Bledsoe said Cryptowall put a lock on the department's case folder and demanded $572 worth of anonymous online currency Bitcoins to unlock the files.

"Every sort of document that you could develop in an investigation was in that folder. There was a total of 72,000 files," McCliss told WTVF-TV.

McCliss said he consulted with experts including those affiliated with the FBI and the military, but the consensus was the only way to unlock the files was to pay.

The payment was made to a person identified only as "Nimrod Gruber."

"Although a substantial portion of the data encrypted on the report management server was able to be restored from backups, there were still approximately 72,000 files affected on the host computer, which introduced the malware to the network and the report management system and the attached drives," Bledsoe told the Dickson Herald.

Luke Vincent, information technology director for the town of Durham, N.H., said police in his town were targeted by a similar "ransomware" scheme, but officials decided not to pay. He said the affected files were "administrative" rather than "critical."

"We knew we were never going to pay that ransom," Vincent said. "We were able to restore all the files...so there was never a thought of paying the ransom in that case."

However, he said the town did end up spending about $3,000 to a contractor to help with "cleanup" following the breach.


TOPICS: Computers/Internet
KEYWORDS: malware


1 posted on 11/14/2014 7:01:23 AM PST by Brother Cracker

To: Brother Cracker

They need to hunt down who created this malware and summarily execute them.


2 posted on 11/14/2014 7:03:08 AM PST by dfwgator (The "Fire Muschamp" tagline is back!)

To: Brother Cracker

That’s why you don’t let your users have local admin privileges.


3 posted on 11/14/2014 7:08:39 AM PST by miliantnutcase

To: miliantnutcase

NoScript Security Suite

https://addons.mozilla.org/en-US/firefox/addon/noscript/


4 posted on 11/14/2014 7:12:54 AM PST by Brother Cracker (You are more likely to find krugerrands in a Cracker Jack box than 22 ammo at Wal-Mart)

To: miliantnutcase

Small town departments aren’t bright enough to pay a consultant to come in for a week and streamline things to prevent accidents like this. And yes, limiting users to minimal privileges is in the top five things that ought to be done. I’d even lock down users to no more than thirty minutes a day of browsing.


5 posted on 11/14/2014 7:14:01 AM PST by pepsionice

To: pepsionice

That’s an uncalled for insult of small town cops.


6 posted on 11/14/2014 7:18:05 AM PST by Balding_Eagle (Let's begin impeaching unconstitutional Leftist judges, and remove them from the bench.)

To: Balding_Eagle

I’ll take the small town cops over larger departments any day of the week.


7 posted on 11/14/2014 7:20:26 AM PST by cripplecreek (You can't half ass conservatism.)

To: Brother Cracker

A brother of mine got a similar malware program on his home computer. The outfit that made the malware even provided contact information and methods of payment needed to have the malware removed. He immediately contacted some tech people he uses sometimes. They said they had heard of that malware before and that Microsoft had been trying “to get” the outfit that makes it. To clean it off of his system, they were able to get all his personal files off and clean, but they had to reinstall Windows and all his programs.


8 posted on 11/14/2014 7:20:49 AM PST by Wuli

To: dfwgator

They would probably have to go to Russia to find them.


9 posted on 11/14/2014 7:21:21 AM PST by Blood of Tyrants (Good Muslims, like good Nazis or good Communists, are terrible human beings.)

To: Brother Cracker

also

http://www.freerepublic.com/focus/f-news/3226679/posts


10 posted on 11/14/2014 7:22:26 AM PST by don-o (He will not share His glory and He will NOT be mocked! Blessed be the name of the Lord forever!)

To: Balding_Eagle

Pick out a state and look for a dozen departments of twenty to forty personnel. Ask them if they back up their data daily. Ask them if they have a dual-storage policy. Ask them about the legit anti-virus software package they are using and if they actually paid for it. Ask about their firewall. Ask about the number of viruses they encounter on a weekly basis. As a minimum....I would hope they’ve hired some semi-smart geeky guy who will at least give them minimum protection. But no one is standing there to audit or force them to take protective measures. And a big mess occurs every two or three months...how many hours do they waste trying to recover from their mess....which they never seem to realize that they need a good technician, stringent rules on back-ups, and absolutely limit users to only basic functions in support of their jobs.


11 posted on 11/14/2014 7:26:25 AM PST by pepsionice

To: don-o

Good. You can’t warn people about taking security measures for their computers.


12 posted on 11/14/2014 7:53:03 AM PST by Brother Cracker (You are more likely to find krugerrands in a Cracker Jack box than 22 ammo at Wal-Mart)

To: don-o

You can’t warn people enough


13 posted on 11/14/2014 8:01:54 AM PST by Brother Cracker (You are more likely to find krugerrands in a Cracker Jack box than 22 ammo at Wal-Mart)

To: Brother Cracker

NoScript is a must-have.


14 posted on 11/14/2014 8:31:08 AM PST by miliantnutcase

To: Brother Cracker
"Vicious Malware Canine Culprits Capture Cop Computers"

A team of highly skilled dog criminals have been wreaking havoc on local law enforcement departments by planting a computer virus on their computers. The pilfering pooches then demand a reward in order to free up the computer. In a statement to the press, the dog team's leader claims they are taking these actions as a result of officers' unreasonable shooting of dogs. For additional information, please visit: www.pawsupdontshoot.com.


15 posted on 11/14/2014 9:09:53 AM PST by moovova

To: Brother Cracker

Stop browsing pornsites and these issues go away.


16 posted on 11/14/2014 4:46:18 PM PST by Rodamala

To: Rodamala

Malicious ads on major websites held users’ files to ransom

http://www.engadget.com/2014/10/24/cryptowall-ransomware-attack-proofpoint-report/


17 posted on 11/14/2014 5:01:17 PM PST by Brother Cracker (You are more likely to find krugerrands in a Cracker Jack box than 22 ammo at Wal-Mart)

To: miliantnutcase
That’s why you don’t let your users have local admin privileges.

That is good not just for computers on a business network but also for your home PC. I have my computer set up (Windows 7) with an account for full administrator access rights but that requires a strong password to log into and I change it regularly and I never, ever, ever surf the net or even log in as the admin unless absolutely necessary. For daily use including getting on the internet or checking my email, I log into a “guest” account set up with absolutely no admin rights and that log on requires a different log on password.

Anytime I get a request for a software update installation such as for Adobe or Java or try to download and/or install a program or make any system setting changes, etc. while logged in as the non-admin guest, I will get prompted for the admin password.

This is of course not 100% foolproof I know, but it helps.

18 posted on 11/14/2014 6:04:28 PM PST by MD Expat in PA

To: Brother Cracker
Stop browsing pornsites and these issues go away.

Malicious ads on major websites held users’ files to ransom

And you can pick up some very nasty malware from emails, emails that “may” sometimes look very legitimate.

I am the payroll and HRIS manager for the company I work for and yesterday morning an employee forwarded an email just as described in the two links below.

http://www.threattracksecurity.com/it-blog/adp-past-due-invoice-spam/

http://www.adp.com/who-we-are/data-security-and-privacy/security-alerts/gso-security-alert-adp-past-due-invoice-082714.aspx

Fortunately she realized it was suspect especially since she is in sales and not in accounts payable and let me know right away without (hopefully) clicking on the links. I contacted our IT manager and let her know and then sent out a companywide email advising employees to be on the lookout for fraudulent emails purporting to be from ADP and the warning: DO NOT OPEN AND DO NOT CLICK ON THE LINKS, DELETE THE EMAIL AND IF YOU DID CLICK ON THE LINKS, NOTIFY IT IMMEDIATELY. (OK, I didn’t send in all caps but I did bold and underline : ), )

Unfortunately the timing of these phishing emails with their malware links comes at an especially bad time since we are having our annual benefits open enrollment and many employees who don’t regularly log into our ADP self service site are doing so right now and some having forgotten their passwords are requesting password resets and may mistakenly think this is actually from ADP.

19 posted on 11/14/2014 6:36:52 PM PST by MD Expat in PA

To: Rodamala

I wonder if it’s the same part of Tennessee as this cop...

https://www.youtube.com/watch?v=_1XyDXKyFAY


20 posted on 11/14/2014 6:41:14 PM PST by Joe 6-pack (Qui me amat, amat et canem meum.)