Lincoln County Sheriff’s Office

Sheriff’s office prepared after bitcoin ransom

Fri, 04/10/2015 - 4:00pm

    Despite being the victims of a computer virus that encrypted local law enforcement computers, Lincoln County Sheriff Todd Brackett said there were several bright spots from an unfortunate incident.

    “No personal data was mined — it looks like they didn't take any information,” he said. “We had to pay the ransom, but it looks like nothing was extracted from the server.”

    In March, the local law enforcement server, which serves the sheriff's office along with police departments in Damariscotta, Waldoboro, Wiscasset and Boothbay Harbor, fell victim to an encryption virus, which encrypted files and made them essentially unreadable.

    The virus likely came in the form of an email, which a user of the server unknowingly opened. From there, the user was likely directed to a link, which downloaded the virus onto the server, Brackett said.

    “It definitely wasn't intentional,” he said. “Next time, we'll just pay the ransom on the first day and be done with it. It's like a jail — it's very safe and secure, but that can mean nothing if you leave the door unlocked.”

    Brackett said the idea of paying a ransom to a software hacker didn't appeal to the sheriff's office, but that Burgess Computer covered the ransom, the equivalent of 300 euros ($318) in bitcoin, paid to a European bank account.

    “Paying a ransom — let's say it goes against the grain,” he said. “We tried to find a way around it, but in the end our IT guys and Burgess recommended just paying the ransom.”

    The encryption was lifted and the sheriff's office regained control about six to eight hours after the ransom was paid, Brackett said.

    But there were more positives to come from the incident, Brackett said.

    Now the department is aware of such scams, and how to deal with them, and there will be more training.

    “We'll have more virus protection training where we go over how to tell if something might be a virus,” he said. “Sometimes, it's hard to tell, but you've got to keep an eye out for some of these documents that people (email) you.

    “Sometimes it can be hard to tell if it contains a virus.”

    While the last virus happened at the human level, there was a flaw in how the server was backed up, which became apparent during the ransom, Brackett said.

    Moving forward, the back-up server will be able to replace a hacked server, meaning the department could find a work-around without having to pay the ransom, Brackett added.

    “It's possible there's another virus that's just sitting dormant somewhere on our server,” he said. “We'll be checking hard drives in all the departments, but it really wouldn't surprise me if there was another (virus) sitting dormant.

    “But I feel much better knowing we have a back-up.”