Swansea police pay $750 "ransom" after computer virus strikes


By Brian Fraga
Posted Nov 15, 2013 @ 12:47 PM

A computer virus that encrypts files and then demands that victims pay a “ransom” to decrypt those items recently hit the Swansea Police Department.

The department paid $750 for two Bitcoins — an online currency — to decrypt several images and Word documents in its computer system, Swansea Police Lt. Gregory Ryan said.

“It was an education for (those who) had to deal with it,” Ryan said, adding that the virus did not affect the software program that the police department uses for police reports and booking photos.

Ryan also said that no outside parties gained access to any personal information, and that the police department did not lose any files.

“We were never compromised,” Ryan said.

CryptoLocker, a new Windows ransomware virus sweeping across the country, hit the Swansea Police Department on Nov. 6. The virus encrypted several files that could only be decrypted through the purchase of Bitcoins, an unregulated digital currency, to pay for the special “decryption key.” A countdown clock appeared on a computer screen showing how much time the department had to buy the key before all the files were deleted.

The Swansea Police Department bought the key and decrypted the files on Nov. 10.

“(The virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of,” Ryan said.

Matt Fernandes, owner of WaveOne Technologies Inc., a computer service store in Somerset, urged people not to pay the ransom, but instead to report the infection to the FBI and to take their computers to a repair shop.

Fernandes said the computer virus has spread rapidly in recent months, and that he sees five to 10 customers — many of them elderly — every week reporting their computers being affected.

“This is the worst (computer virus) I’ve ever seen,” said Fernandes, whose business recently helped a mortgage company in East Providence restore its files after its computer system was attacked.

Fernandes said the virus changes files’ extensions, which makes it impossible to open them through regular computer programs. He said the files can be restored to their original format, but that work is very time-consuming.

“It’s a very tedious process,” Fernandes said.

Meanwhile, computer analysts are combing the Swansea Police Department’s computer system, looking to tighten security protocols.

“The virus is not here anymore,” Ryan said. “We’ve upgraded our antivirus software. We’re going to try to tighten the belt, and have experts come in, but as all computer experts say, there is no foolproof way to lock your system down.”

Ryan said the department does not know how the virus got into the system or if someone opened an email attachment.

According to several published reports, the CryptoLocker virus is often attached to an official-looking, but false, email message from UPS or FedEx purporting to be a tracking notification. When someone opens the e-mail, they are asked to download a Zip file that contains an executable file (.exe) that unleashes the virus.
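As an added illustration (not part of the original report and not code from any vendor named in it), this Python example shows how a mail filter could inspect a Zip attachment of the kind described above and flag executable members before delivery. The function names, the extension list and the sample archive are assumptions made for the example; the sample is constructed in memory from inert bytes.

```python
import io
import os
import zipfile

# Extensions Windows runs directly; this list is a policy assumption for the example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # refuse to unpack huge members (zip-bomb guard)


def scan_zip(data: bytes, depth: int = 0, max_depth: int = 2) -> list[str]:
    """Return reasons to quarantine a Zip attachment (empty list: nothing found)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable zip archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            ext = os.path.splitext(name.lower())[1]  # last extension only
            if ext in EXECUTABLE_EXTS:
                findings.append(f"{name}: executable extension {ext}")
            if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                findings.append(f"{name}: encrypted member, cannot inspect")
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append(f"{name}: too large to inspect")
                continue
            body = archive.read(info)
            # A Windows program starts with "MZ" whatever its file name claims.
            if body[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
                findings.append(f"{name}: program header behind non-executable name")
            if body[:4] == b"PK\x03\x04":  # a Zip inside the Zip
                if depth >= max_depth:
                    findings.append(f"{name}: archive nested too deeply")
                else:
                    inner = scan_zip(body, depth + 1, max_depth)
                    findings += [f"{name} -> {f}" for f in inner]
    return findings


def build_sample() -> bytes:
    """Constructed sample: a fake 'tracking notification' Zip holding inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Tracking_Notification.pdf.exe", b"MZ" + b"\x00" * 62)
        z.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)  # disguised by name only
        z.writestr("readme.txt", b"Your parcel is on its way.")
    return buf.getvalue()
```

A gateway would quarantine the message whenever `scan_zip` returns a non-empty list; the `.pdf.exe` member is caught by its final extension and the mislabeled `invoice.pdf` by its header bytes.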

In New Jersey, police said a victim received the computer virus when he went to a website that someone had called to tell him to visit.

Fernandes said the virus evolved from earlier versions in the spring that purported to be messages from the FBI, the Department of Defense or Homeland Security. The ticker that appears on the computer screen — warning the files will be deleted when the clock strikes zero — is just a scare tactic.

Following the money to a source is difficult because Bitcoin, like MoneyPak, harnesses decentralized, private fund-exchange networks. Fernandes said the rogue programmers responsible for the virus are often from the Ukraine, Russia and some of the other former Soviet nations, which puts the programmers out of reach of American law enforcement.

“These scammers make billions. They make more in one year than what we’ll make,” Fernandes said.

The United States Computer Emergency Readiness Team encourages people who experience a ransomware infection to not respond to extortion attempts by attempting payment but instead to report the incident to the FBI’s Internet Crime Complaint Center.

The CryptoLocker virus finds and encrypts files located within shared network drives, USB drives, external hard drives, network file shares and some cloud storage drives. If one computer on a network becomes infected, mapped network drives could also become infected.

Fernandes said people can reload their computers if their files are backed up. In Windows 7, to restore the files, Fernandes said people can right-click on each file to restore it to its previous format.

“The files are not unrecoverable,” Fernandes said. “You don’t have to pay these scammers.”

“Since the middle of September, this has been exploding worldwide,” Ryan said. “It’s good for everyone to understand this. We don’t know how we got it. But if you see something strange in your email, just delete it.”

Email Brian Fraga at bfraga@heraldnews.com.

Copyright © 2006-2013 GateHouse Media, Inc. Some Rights Reserved.

http://www.heraldnews.com/news/x2132756948/Swansea-police-pay-750-ransom-after-computer-virus-strikes