Why Local Police Departments Are Prime Targets for Ransomware Attacks
Organizations that typically don’t have sophisticated IT teams or extensive security measures are especially vulnerable.
IT teams at law enforcement agencies across the United States have been dealing with an unusual challenge. White collar criminals, mostly based in foreign countries, have begun targeting police departments with “ransomware”—software that infects a computer and overwrites data, making a system inaccessible unless the user pays a ransom via Bitcoin.
The problem mainly affects smaller police departments. Some of the attacks that have been confirmed on the record occurred in places like Tewksbury, Massachusetts, and Midlothian, Illinois. Criminals behind the attacks tend to look for police departments in small communities with limited resources—in other words, organizations that typically don’t have sophisticated IT teams or extensive security measures. Ransom amounts are usually modest, and hover around $500.
After the Tewksbury attack, the town’s police chief, Timothy Sheehan, told a local newspaper:
“Nobody wants to negotiate with terrorists. Nobody wants to pay terrorists, (and) we did everything we possibly could. It was an eye-opening experience, I can tell you right now. It made you feel that you lost control of everything. Paying the Bitcoin ransom was the last resort.”
Tewksbury’s not the only community in Massachusetts targeted by ransomware operators either. The police department in Swansea, another small community located across the state, paid a $750 ransom earlier in 2015. The Tewksbury Police Department called in the FBI, the Department of Homeland Security, the Massachusetts State Police and private consultants before giving up and paying the ransom. They had no choice; the department’s recent backups were also infected and the most recent uninfected backup was 18 months old.
Chad Holmes, the chief information and strategy officer at security firm FireEye, told Route Fifty in an interview: “One uniqueness to state and local government compared to large enterprises is that there is a lot of ransomware,” explaining further that “They compromise a machine or data on a network, and hold that data for ransom. We've seen a huge trend for this around state and government. It especially impacts the law enforcement side of the house, but also water treatment systems too. It’s a challenge that typical large enterprises don’t deal with as much.”
Law enforcement agencies are typically targeted by criminals for ransom in a type of cyberattack called “spearphishing,” in which an infected file is sent to a police official by a criminal posing as a business vendor or another law enforcement officer. According to CERT, the federal government’s computer emergency response team, the infected files for one popular form of ransomware called CryptoLocker typically take the form of fraudulent FedEx or UPS tracking notices.
It’s unusual to think of police departments as the kind of organizations that pay ransom, but it makes sense when examined in context. Rather than going after larger organizations such as the state police or police departments in major cities, the criminals typically target small town or exurban police departments. Then, crucially, they ask for a modest ransom amount. For many of the police departments involved, it’s cheaper for taxpayers to pay the $500 or $750 than to call in the experts.
The fake FedEx and UPS scams remain widespread; an Australian consumer watchdog group warned customers of them earlier in December. On Dec. 15, U.S. Sen. Ron Wyden of Oregon joined Sens. Ron Johnson of Wisconsin and Tom Carper of Delaware to petition the FBI to take more comprehensive action on ransomware. While the source of their concern is more for individual home consumers and small businesses than for the law enforcement community specifically, they are worried about the issue becoming more challenging in the future.
According to the FBI, one particular variety of ransomware called CryptoWall made $18 million from American victims between April 2014 and June 2015 alone.
Neal Ungerleider is a journalist based in Los Angeles who writes for Fast Company and consults on the tech industry.