One for the home team! Police departments and information technology departments across the country have reached out to Durham to seek their advice on how to deal with a difficult ransomware virus.
According to Luke Vincent, the town’s IT manager, approximately seven other departments have reached out to him to find out how Durham dealt with the ransomware after the town succeeded in eradicating it. The Durham Police Department was infected with a virus in June, and its creators demanded a ransom to eliminate it.
“There have been quite a few calls,” he said. “It was a random mix of peers in IT and police departments. Most of the curiosity has been with the actual event; how did it work inside our system and the other half (ask) what we do if we have it. Unfortunately, there’s not much you can do besides restoring.”
Vincent said that the department had been infected by a CryptoWall virus, which encrypts the computer’s files and will not provide the key to decrypt them unless a ransom is paid. Vincent said that the virus was downloaded on one computer and passed to several others when the employee shared administrative files that had the virus attached with another employee. Rather than pay the ransom, the town decided to restore its files from backups that had been updated the day before.
“The files are at ransom and encrypted and the only way to decrypt them is to talk to the bad guys, and usually there is a monetary exchange,” he said. “We decided not to go to try decryption, but to restore the files. It was a good chunk of encryption, but thankfully, we do good backups.”
Unfortunately, some departments have not had the same success as Durham. According to an article from “The Tennessean,” a paper based in Nashville, Tenn., the Dickson County Sheriff’s Office was forced to pay $572 to decrypt its files after being infected with a ransomware virus.
“It’s different for each situation,” Vincent said. “I can’t make the call for each individual or entity. In our situation, we had good backups. We knew we would never pay that ransom. Personally, I have grave concerns about giving money to a criminal who would do that. I see it as encouraging that behavior and that is not something I want to be a part of.”
Vincent said that some departments have avoided paying the ransom by having snapshot copies of their files, but the newest version of this ransomware virus will wipe these snapshot copies before encrypting the files.
“The best prevention, and the only prevention, is a good solid backup of files on a medium that cannot be reached by a virus,” Vincent said.
He added that the best way to do this is to back up offline.
Town Administrator Todd Selig said that the town is no stranger to these types of viruses. Town computers were infected with viruses just last week.
“One of our contract minute takers had her personal email account compromised,” he said. “This malware sent out an email to all of her contacts.”
Selig said that this included all of the Town Council members, resulting in one of the councilors sending out the same virus-infected emails.
“What we tell our staff is, when in doubt, go without opening,” he said. “Take the time to call the person directly.”