‘Our computer system got hacked;’ Sheriff’s department hit with ‘ransomware’

BERRYVILLE — You might have heard of computer hacking as of late, but Carroll County Sheriff Randy Mayfield knows it too well.
“Our computer system got hacked,” Mayfield told reporters Monday afternoon.
Mayfield introduced reporters to Lt. Daniel Klatt, who he said runs information technology for the department.
Klatt said the department’s system was hit Monday, Dec. 5, with what he called “ransomware,” which locks all information on the system unless the victim pays a fee.
In this case, the hackers, who he said were likely based in India or possibly even Russia, got into the management system. It holds all reports and bookings and other day-to-day operational data.
He was at home when he got a call that Monday night that the system had gone down. He logged into the system remotely and saw what was happening in time to shut down other parts of the system the hackers hadn’t gotten into.
Still, about one-sixth of the department’s data was encrypted before he could stop it.
Klatt stressed that no data was stolen and that it remained on the system. But the encryption meant no one could use it unless the ransom was paid. The hackers demanded three “bitcoin,” the untraceable electronic monetary replacement that allows for such transactions.
The value of a bitcoin changes every day, Klatt said, but the value of three bitcoin that day was about $2,440.
Mayfield said he told Klatt to contact the state Attorney General and the FBI to find out what they could do. Though none of those officials wanted to tell them in so many words, Mayfield’s office did the only thing it could.
They paid the ransom.
Klatt said the department was hit with a program called “Dharma,” which he described as “a newer flavor” of ransomware that only hit the market within the last couple of months.
The hackers aren’t out to steal any data, merely to deprive the owner of the information for profit.
“They’re after payment,” Klatt said.
They communicate with a victim in a picture file that’s the only file the user can open. It simply demands money.
The hackers are going after anything they can find. Mayfield said they concentrate on schools and universities, then governmental agencies.
Klatt said another agency in Carroll County was hit at basically the same time as the sheriff’s office, but he declined to name that agency.
He said there’s no guarantee that it won’t happen again, but the department is instituting new security measures in hopes of getting ahead of the hackers. Still, he said, the department tries to stay ahead of the criminals but often doesn’t know what they’re doing until they do it.
It’s fairly simple for a small business or even a private homeowner to back up important files, but a backup isn’t so easy for an agency like the CCSO, which has several terabytes of data. The last time they did such a physical backup, it took about 50 hours to complete.
And hackers are now even going after a user’s cloud-based backups if possible.
The one good thing is that the hackers do unlock the data when paid. For instance, if two users get hit with Dharma and only one of them gets their data unlocked, the hackers could get a bad reputation.
“It’s a business,” Klatt said.
The CCSO system was down from Monday through Friday, but, Klatt said, the vast majority of the system was back up and running Monday.

