A county sheriff’s office in Tennessee paid a $500 ransom in bitcoin after it became the victim of a cyberattack this week.
Cryptowall is a Trojan horse program that, once inside a computer, encrypts its contents and triggers demands for a payment in bitcoin. The firm’s estimates suggest that after being discovered earlier this year, as many as 1,000 computers have been infected.
Detective and sheriff’s office IT director Jeff McCliss told WTVF-TV that a data cache containing sensitive documents, photographs and criminal reports was impacted. Overall, more than 70,000 files were temporarily inaccessible due to the malware infection.
"Every sort of document that you could develop in an investigation was in that folder. There was a total of 72,000 files,” he said.
Subsequent investigation involving the Tennessee Bureau of Investigation, Federal Bureau of Investigation (FBI) and the US military reportedly produced no solutions. Ultimately, the sheriff’s office was forced to pay the ransom in order to regain access to the files.
No good solutions
According to investigators, issues started last month when an employee at the sheriff's office inadvertently downloaded the malware by clicking on an online ad. McCliss told the Nashville-based news program that the office was not actively targeted.
After consulting both state and federal-level investigators – with some help from the military – McCliss concluded that the best course of action would be to pay the ransom. Otherwise, he told WTVF-TV, the sherrif’s office risked losing valuable ground on a number of cases, as well as access to needed information.
McCliss said that he still has many questions surrounding the malware infection, and that as a result, the choice to pay the ransom wasn’t the easiest decision he has had to make.
“It's a very bad feeling,” he said.
Cryptowall's reach grows
Cryptowall has gained notoriety in recent months for its strong encryption method and global reach.
Earlier this week, Hawaii-based news source KHON 2 reported that the CryptoLocker derivative had infected some computers located in Honolulu. At the time, local law enforcement officials urged both residents and business owners to both back up their files and maintain robust anti-malware measures.
A report published last month by security firm Proofpoint suggested that popular online search destinations have have been utilized to boost distribution of the malware.
According to the study, advertisements on websites like Yahoo! and AOL, as well as a number of other online publications were used as unwitting delivery vehicles for Cryptowall. The practice, known as “malvertising”, has contributed to the success of the malware and led to the Tennessee malware infection.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.