Cryptolocker scrambles eight years of data belonging to US town hall
Some data gone forever
The Cryptolocker ransom Trojan has claimed another victim in small-town America, scrambling eight years' worth of files held by a New Hampshire town authority. Some are believed to be irretrievable.
According to local press, the notorious malware found its way into the network of Greenland town hall on 26 December after an employee opened an attachment that had arrived in an email purporting to be from AT&T.
Town administrator Karen Anderson learned of the infection on 30 December, by which time Cryptolocker’s ransom deadline had expired, taking with it Microsoft Word and Excel files going back most of a decade.
"The results have left us with documents that are no longer readable. I've lost eight years-worth of my work," Anderson was quoted as saying by Seacoast Online.
Many of the files had been recovered from backups, including some that had been stored in paper form in a safe. Files lost forever included forms, requests for proposals, business bids, and some miscellaneous data on costs.
"I've tracked all our electric costs by building, waste tonnage, recycling tonnage ... for the eight years. All that data is gone," Anderson said. "It is not harmful to the town. It will just be more time consuming recreating all of these documents."
Luckily, a proprietary software system had been used to store tax files, saving them from Cryptolocker's attention, possibly because it used an unusual data format.
The attack highlights the vulnerability of small and probably under-protected government offices and SMEs to the ravages of Cryptolocker, a form of malware designed specifically to target this data-rich sector above all others.
It was a similar if more disquieting story in November when a police department not far away from Greenland in the Massachusetts town of Swansea ended up paying a $750 (£470) ransom to the criminals behind Cryptolocker in order to recover scrambled files.
Despite probably infecting at least 250,000 systems since September, the worst of Cryptolocker’s first wave appears to be over. A small but lucrative percentage of those infected paid up and the criminals have had to re-design the malware in order to keep its business model going.
Recent innovations include narrower target lists, such as P2P file sharers, and worm-like spreading via USB stick.