Police in Tewksbury, Massachusetts paid an untraceable $500 Bitcoin ransom to an unknown hacker who managed to plant ransomware on the police department's computers.
The malware infection and ransom payment occurred last December, though not until this week was it uncovered and reported by the Tewksbury Town Crier.
Police Chief Timothy Sheehan said that a form of CryptoLocker ransomware infected police computers on Dec. 7, though nobody realized this until Dec. 8.
Ransomware is a type of malware which, as its name suggests, lets hackers hold a person's computer files for ransom. It's spread the same way as regular malware, often through infected links or downloads attached to emails (hence the standard computer-safety rules “Never download any file or click on any link in an unfamiliar email”). The malware will either delete or encrypt your files, and you'll see a note informing you that if you want access to your files back, you must pay the hacker a ransom, usually through Bitcoin, a wire transfer or some other untraceable payment method.
Of course, the fact that a hacker managed to delete or encrypt some of your files wouldn't matter, if you followed the standard computer-safety precaution of making backup copies of any important files you have. Alas, the Tewksbury PD apparently did not make backup copies of its crucial files. Chief Sheehan told the Town Crier that the ransomware attack “basically rendered us in-operational, with respect to the software we use to run the Police Department.”
Sheehan also said that he'd reached out to other police departments across the state to see if anyone else had experience with ransomware; in November 2013, the police in Swansea paid a $750 ransom.
The Boston Globe found other examples of ransom-paying police departments across the country: the Chicago suburb of Midlothian paid $500 in January. Last June, the tiny (four people) police force in Collinsville, Alabama, received a similar threat, but Police Chief Gary Bowen refused to pay the ransom. “There was no way we were going to succumb to what felt like terrorist threats,” he said. The Collinsville PD never got its files back.
Chief Sheehan in Tewksbury made a similar remark to the Town Crier. “Nobody wants to negotiate with terrorists. Nobody wants to pay terrorists .... paying the Bitcoin ransom was the last resort.”