A county sheriff’s office in Tennessee paid a $500 ransom in bitcoin after it became the victim of a cyberattack this week.
Cryptowall is a Trojan horse program that, once inside a computer, encrypts its contents and triggers demands for a payment in bitcoin. The firm’s estimates suggest that after being discovered earlier this year, as many as 1,000 computers have been infected.
Detective and sheriff’s office IT director Jeff McCliss told WTVF-TV that a data cache containing sensitive documents, photographs and criminal reports was impacted. Overall, more than 70,000 files were temporarily inaccessible due to the malware infection.
“Every sort of document that you could develop in an investigation was in that folder. There was a total of 72,000 files,” he said.
Subsequent investigation involving the Tennessee Bureau of Investigation, Federal Bureau of Investigation (FBI) and the US military reportedly produced no solutions. Ultimately, the sheriff’s office was forced to pay the ransom in order to regain access to the files.
No good solutions
According to investigators, issues started last month when an employee at the sheriff’s office inadvertently downloaded the malware by clicking on an online ad. McCliss told the Nashville-based news program that the office was not actively targeted.
After consulting both state and federal-level investigators – with some help from the military – McCliss concluded that the best course of action would be to pay the ransom. Otherwise, he told WTVF-TV, the sherrif’s office risked losing valuable ground on a number of cases, as well as access to needed information.
“Is it better to take a stand and lose all that information? Or make the payment grit your teeth and just do it? It made me sick to have to do that.”
McCliss said that he still has many questions surrounding the malware infection, and that as a result, the choice to pay the ransom wasn’t the easiest decision he has had to make.
“It’s a very bad feeling,” he said.
Cryptowall’s reach grows
Cryptowall has gained notoriety in recent months for its strong encryption method and global reach.
Earlier this week, Hawaii-based news source KHON 2 reported that the CryptoLocker derivative had infected some computers located in Honolulu. At the time, local law enforcement officials urged both residents and business owners to both back up their files and maintain robust anti-malware measures.
A report published last month by security firm Proofpoint suggested that popular online search destinations have have been utilized to boost distribution of the malware.
According to the study, advertisements on websites like Yahoo! and AOL, as well as a number of other online publications were used as unwitting delivery vehicles for Cryptowall. The practice, known as “malvertising”, has contributed to the success of the malware and led to the Tennessee malware infection.
Image via Shutterstock