The police in a quiet New Hampshire town are back online after being hit with a virtual “stick-up” that seized the department’s files and demanded cash.
"We're 100% operational now, and life is back to normal," Todd Selig, the town administrator of Durham, New Hampshire, told NBC News. "But it was quite a weekend."
Durham staffers believe the virus in question is "Cryptowall," the latest piece of so-called ransomware, or a variant.
The malware, which encrypts a victim's computer files and effectively holds them hostage, has been spreading to businesses and consumers alike.
Networking giant Cisco published a blog post about Cryptowall last week, a few days after federal agents arrested people connected to the similar "CryptoLocker" malware. Cybercrime costs businesses around $445 billion a year, according to a Monday report that was sponsored by McAfee.
For the Durham police the problem began the evening of June 5, when an officer received what appeared to be a legitimate message from a known contact. The officer clicked a link in the email, Selig said, and unwittingly downloaded the malware.
By the next morning, "there were widespread challenges to the department's ability to access files," Selig said. The town's manager of information technology, Luke Vincent, took all of the department's computers offline and the virus was isolated by Friday night.
Vincent told the department that the virus was likely Cryptowall or a similar piece of ransomware, and he advised them not to open a file with "instructions" -- which typically demand money in exchange for unlocking the inaccessible files.
"That was fine with us, because we just weren't going to play the ransom game," Selig said. "We looked at this as a criminal action, and we knew going in that we had a backup of all of our data."
A security expert said Selig and his colleagues did exactly what they should have.
"When we give ransom, we’re helping fund the criminals," Domingo Guerra, the co-founder and president of mobile app risk management service Appthority, told NBC News.
What's more, Guerra said, there's no guarantee that the attackers will keep their word and unlock files after receiving the cash. They may simply leave your files inaccessible, or demand even more money.
Instead, Guerra said, victims of Cryptowall and similar attacks should report the incident to the FBI. Then, they should try to install anti-malware or anti-virus software to scan the infected computer. As always, it's smart to change passwords immediately after such an attack, he said.
Ransomware like Cryptowall is spreading especially quickly on mobile devices, Guerra added, "because the criminals go where the users are. It's important to remain diligent on any device."
That's the lesson that the town of Durham is taking away from its own Cryptowall nightmare, Selig said.
"No one did badly here -- we’re dealing with technology that’s quite sneaky -- but we will be giving a lot of thought as to what things we might want to enhance within our security systems," Selig said. "This got past our strong anti-virus technology, and we want to be stronger the second time."
The ordeal has cost the town of Durham about $2,000 to $3,000, Selig estimates. He's pleased with the department's response, noting that the town of 14,600 employs only 21 police officers and one full-time technical staffer.
"We're not the NYPD with thousands of employees," Selig said. "But we contained this within 48 hours. It was a valuable lesson to stay focused on technology, even if it isn't the main focus of your business."
First published June 9, 2014, 10:54 AM