What happens when the cops get hit with malware, too?
(Source: zdnet.com)


Victims of ransomware turn to the police after being attacked by cyber criminals - but what happens when it's the police who get hit with file-locking malware?
When they are on the receiving end of a ransomware attack, one of the first things the victims can do is call the police -- but what happens when the cops themselves fall victim to ransomware?
One law enforcement agency that found itself hit by a ransomware attack was the Lauderdale County Sheriff's Department in Meridian, Mississippi on 28 May 2018.
"Our IT manager contacted me -- and at first I thought he was joking when he said we've got a major problem," says chief deputy Ward Calhoun of Lauderdale County Sheriff's Department.
"You hear about these kind of things happening where networks are compromised but it's always the idea that it'll happen to somebody else, it won't happen to us. But he told me you need to come to my office, this is serious, we have a problem. We got together and he explained to me we're the victims of a ransomware attack."
The department had fallen victim to a variant of Dharma ransomware, and most of its systems were taken down by the attack.
"It was on most of the systems for our department -- specifically, our software that we do our report management of incidents and investigations," Calhoun explains.
"It almost brought us to a standstill. It was terrible, knowing that you had information there; we had cases we were working on, but we couldn't do anything because we couldn't access the information anymore. It was very frustrating and one of those things you wouldn't think would ever happen."
But Lauderdale County is far from the only police department to have found itself the victim of a ransomware attack by cyber criminals; about 500 miles west, Lamar County Sheriff's Department in Texas also found itself the victim of an unrelated ransomware attack -- just one week before Lauderdale was hit.
"We got a call from dispatch that our computer-aided dispatch wasn't working and that the internet went down in that department. So my IT helper went over there thinking it was a switch that stopped working and he'd replace it and move on," says Joel Witherspoon, IT manager for Lamar County Sheriff's Department.
"But when he got there, he saw that wasn't the problem. When he logged into the server, the background wallpaper took up the whole screen and said you've been infected with ransomware," he explains. "I knew we were down and it was pretty bad."
The ransomware affected some desktop PCs and two servers used to download and store video recordings made by units out on patrol. Those videos were automatically uploaded to the servers when a unit returned to the Sheriff's Office -- and they had been encrypted by the ransomware.
"It was amazing to me. I've been doing this for 13 years and it's our worst nightmare," Witherspoon says.
Many ransomware attacks come as a result of the victim clicking on a phishing link or picking up malware after visiting a compromised website, but in this instance, the malicious software found a way in via a forgotten instance of remote desktop software that connected to the videos stored on the server.
For Lauderdale County, an old, forgotten password was exploited by attackers to deliver ransomware.
"It was an opportunistic attack. We had a weak password from a past administrator that hadn't been used for seven or eight years, but it was still in our system and had never been deleted. That was the door they were able to hammer on enough to get into our network," says chief deputy Calhoun.
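The two root causes above, a remote-desktop service nobody remembered exposing and an administrator password unused for years but never removed, are both visible in routine authentication data. The following is an added example, not code from the ZDNet article, MonsterCloud or either sheriff's office: it runs two defender-side checks over a constructed account export and a constructed Windows-style logon log. Field names, the event numbers (4624 success, 4625 failure, logon type 10 for RDP), thresholds and the sample addresses are assumptions chosen for the illustration.

```python
"""Stale-account and password-hammering checks over constructed logon data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed directory export (field names are assumptions for this example).
ACCOUNTS = [
    {"name": "jdoe",       "enabled": True,  "last_logon": "2018-05-27T16:10:00"},
    {"name": "oldadmin",   "enabled": True,  "last_logon": "2010-09-14T09:30:00"},  # left years ago, never removed
    {"name": "svc-backup", "enabled": True,  "last_logon": "2018-05-28T02:00:00"},
    {"name": "retired01",  "enabled": False, "last_logon": "2015-01-05T11:00:00"},  # disabled: not a finding
]

# Point in time at which the audit runs (constructed).
AUDIT_TIME = datetime(2018, 5, 28, 12, 0, 0)


def _synthetic_events():
    """Constructed Windows-style logon events: 4625 = failed logon, 4624 = success,
    logon_type 10 = RemoteInteractive (RDP). Not real log data."""
    base = datetime(2018, 5, 28, 3, 0, 0)
    events = []
    # One external source tries two admin names every 12 seconds for about 8 minutes.
    for i in range(40):
        events.append({"time": base + timedelta(seconds=12 * i), "event": 4625,
                       "user": ("oldadmin", "administrator")[i % 2],
                       "src": "203.0.113.7", "logon_type": 10})
    # The long-unused account finally accepts a guess: a success from the same source.
    events.append({"time": base + timedelta(minutes=8, seconds=5), "event": 4624,
                   "user": "oldadmin", "src": "203.0.113.7", "logon_type": 10})
    # An internal user mistyping a password twice at the console is noise, not hammering.
    for i in range(2):
        events.append({"time": base + timedelta(hours=5, seconds=30 * i), "event": 4625,
                       "user": "jdoe", "src": "10.0.0.21", "logon_type": 2})
    return events


EVENTS = _synthetic_events()


def stale_enabled_accounts(accounts, now, max_idle_days=90):
    """Names of enabled accounts whose last successful logon is older than max_idle_days.
    Disabled accounts are ignored because they cannot be used to log in."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(a["name"] for a in accounts
                  if a["enabled"] and datetime.fromisoformat(a["last_logon"]) < cutoff)


def hammering_sources(events, window=timedelta(minutes=10), threshold=20):
    """Sources with at least `threshold` failed remote (RDP) logons inside any
    span of length `window`. Returns {src: (peak failures in a window, targeted users)}."""
    by_src = defaultdict(list)
    for e in events:
        if e["event"] == 4625 and e["logon_type"] == 10:
            by_src[e["src"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        times = [e["time"] for e in evs]
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings[src] = (peak, sorted({e["user"] for e in evs}))
    return findings


def successes_from_flagged_sources(events, findings):
    """(src, user) pairs for successful logons from a source flagged as hammering:
    the guessing may have worked, so these accounts need immediate attention."""
    return sorted((e["src"], e["user"]) for e in events
                  if e["event"] == 4624 and e["src"] in findings)


if __name__ == "__main__":
    print("stale enabled accounts:", stale_enabled_accounts(ACCOUNTS, AUDIT_TIME))
    flagged = hammering_sources(EVENTS)
    print("hammering sources:", flagged)
    print("successes from flagged sources:", successes_from_flagged_sources(EVENTS, flagged))
```

The stale-account check is the one that would have caught the Lauderdale County password years before it was used: an enabled account with no logon in seven or eight years stands out against any reasonable idle threshold. The windowed failure count separates a sustained guessing run against a remote-access service from an employee mistyping a password, and correlating a later success with a flagged source is what turns a noisy alert into an incident.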
Giving in to the ransom demand was never an option for either sheriff's office, but formatting whole systems and reverting to backups was also undesirable because it would be so time-consuming -- especially in the case of Lauderdale County: the ransomware had compromised multiple layers of backup servers.
"We had three layers of backup and the ransomware had gotten to the first two and the third layer was a tape system," says Calhoun -- and the data on the tapes was four weeks old, meaning a month of data was potentially about to be lost.
There was, however, another way: the Sheriff's Office turned to MonsterCloud, a cybersecurity firm that specialises in ransomware removal and recovery -- a service it offers free of charge to law enforcement agencies. As a result, Lauderdale County was able to get back up and running in days.
"They were able to get most of our data in about 36 hours," says Calhoun.
At Lamar County, MonsterCloud was also recommended to Joel Witherspoon, not only saving the encrypted data -- including the important video recordings -- but also a lot of time and effort that would have been spent calling technology suppliers and asking for services ...