Written by: Anon.Dos

The Dickson County Sheriff’s department was attacked by Trojan malware. The ransomware Trojan encrypted all the case files in the system. The creator of the program demanded $500 Bitcoins in order to restore the seventy-two thousand files.

Jeff McCliss, a detective working on the case, said that the malware, CryptoWall, does not harm the files but keeps them locked until the demanded amount has been paid. After a meeting with the Federal Bureau of Investigation and the Tennessee Bureau of Investigation, the agencies decided to pay the programmer. Investigators say that the malware possibly came from an advert, and that someone must have clicked on the ad, which downloaded and activated the malware.

According to security website Symantec, CryptoWall encrypts files and creates a large number of registry entries in the system. This happens every time the computer restarts. It also encrypts files with a particular extension and provides instructions on how to obtain the decryption key software.

Once the files are encrypted, a text note is displayed in HTML telling the target to obtain a key in order to decrypt them. There is a time limit; after it expires, the key is lost and the files stay encrypted forever.

The message contains a link to the website for the payment. Most of these sites are on the anonymous TOR Network. If the link is on the TOR Network, it asks the user to download the TOR browser bundle in order to gain access to the link.

The following image shows the global CryptoWall infection distribution.

____________________________________________________________________________________________________

Sources:

http://www.techworm.net/2014/11/sheriff-falls-prey-ransom-ware.html

http://www.symantec.com/security_response/writeup.jsp?docid=2014-061923-2824-99