DURHAM — Durham town officials say they will not pay a "ransom" to unlock police department files attacked by the malware Cryptowall.



The Police Department's computer system was put into lockdown mode Friday after one of the officers opened an attachment contained within what appeared to be a legitimate e-mail.



"We deal with all kinds of e-mail, much of it from our residents," said Town Administrator Todd Selig. "The residents all have different 'handles' (user names) and it could be anything to do with town business. The attachment could have been a picture of a pothole."



Cryptowall is a variant of the virus Cryptolocker, which authorities recently shut down. The malware attaches to the files of the infected computer and then encrypts them. The user cannot open them, see them or work with them. A "ransom," typically of $500 to $1,000, is demanded in order to open the files up for use again.



"We got that message and we have not opened it," Selig said. "Our IT department is working on this and we hope to have the Police Department system up and running again in a day or two. But we are definitely not paying any ransom."



According to Selig, the officer opened the attachment at about 10 p.m. Thursday. By Friday morning, widespread issues were reported within the Police Department's computer system. Police Chief David Kurz told Selig that by noon Friday, the department's computer activities were dead in the water.



The police systems were locked down quickly before they could infect any other town functions, Selig said.



According to Luke Vincent, Durham's manager of information technology, the Cryptowall malware managed to bypass both the town's spam filters and anti-virus software, creating widespread challenges for the department.



"The functions affected are the police e-mail system, and word processing, as well as spreadsheets, Excel and other administrative tasks," Selig said. "The crime records are not affected. We do back up all of our systems, so we will work to restore what may be lost."



The Police Department computer system is currently offline and segregated from the town's other servers. In addition, Strafford County Dispatch, which provides dispatch services for Durham, was notified of the infection because there is a software connection between the two agencies.



Selig said he does not believe Strafford County Dispatch has been affected.



A take-down earlier this week of a major malware-spewing botnet has crippled the distribution of Cryptolocker, one of the world's most sophisticated examples of ransomware. On Monday, the U.S. Department of Justice revealed that it, along with law enforcement agencies in several other countries, including Australia, Germany, France, Japan, Ukraine and the United Kingdom, had taken control of the Gameover Zeus botnet. Criminal charges have been filed against the alleged administrator of the botnet.



But while Cryptolocker's infection pipeline has been crippled, other rival ransomware gangs were anticipated to quickly fill the void. Durham's experience proves that point.



Cryptowall and Cryptodefense are two copycat viruses similar to Cryptolocker. Both have been in circulation since late last year. Various forms of the crimeware have been in active circulation since at least 2005, with traces leading back as far as 1989.