$2,440 ransom paid to release Arkansas sheriff's hacked files

The Carroll County sheriff's office has recovered most of its computer files after overseas hackers breached its system and blocked deputies from accessing information until paying a $2,440 ransom, authorities said.

Chief Deputy Major George Frye said the office's system was "functional" Tuesday and all but a few noncritical files could be accessed after the department's computer network was attacked with "ransomware."

"We had no choice but to pay it," Frye said. "No one knew where it came from. There was no way to prosecute them."

In a move more akin to the type of espionage found in a Tom Clancy thriller, someone -- officials believe the hackers were from Russia or India -- sent an infected email or Internet link to the sheriff's office in Berryville in November. Once a user clicked on the email or link, ransomware code infected the computer and began encrypting files.

Sheriff Randy Mayfield accessed the computer system Dec. 5 and discovered all of his department's information, such as deputies' reports, booking notes and other day-to-day operations, were locked.

[EMAIL ALERTS: Sign up for free breaking news updates + daily newsletters featuring day's top stories]

ADVERTISEMENT

More headlines

The only thing that could be opened was a notice that the system had been hacked and the hackers were demanding a ransom.

At least four other computer systems in Northwest Arkansas have been victims of ransomware in recent weeks, authorities said. Frye said he did not know if the other systems involved law enforcement agencies.

Cyberattacks are a growing trend, the FBI said in a news release. Governmental agencies and larger businesses are frequent targets because the payoffs are generally higher, the bureau said.

An Allegheny County, Pa., prosecutor's office was forced to pay $1,400 after its system was infected last week.

The Madison County, Ind., county offices closed for several days last week after computers in the northern Indiana county were infected by ransomware. After officials paid a $21,000 ransom, computer files were released.

Hackers also attacked a Los Angeles hospital in February, locking out medical files and operations until administrators there paid $17,000.

"These criminals have evolved over time and now bypass the need for an individual to click on a link," FBI Cyber Division assistant James Trainor said in a news release. "They do this by seeding legitimate websites with malicious codes, taking advantage of unpatched software on end-user computers.

Hackers often ask for payment in "bitcoins," a virtual form of currency, because the receivers of the ransom can remain anonymous.

"Paying a ransom doesn't guarantee an organization that it will get its data back," Trainor said in the news release. "Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved."

The FBI said more than 20,000 computer systems were hacked by ransomware in 2015.

"They basically held us hostage," Frye said. "All you can do is pay the ransom."

He said Carroll County officials contacted the FBI and the Arkansas State Police but were advised, because of the sophistication of the crime and its overseas location, to pay the ransom rather than try to catch the hackers.

photo

Arkansas Democrat-Gazette

A map showing Berryville.

Once the sheriff's office sent three "bitcoin" payments totaling $2,440, the hackers sent instructions on regaining access to information on the computer system.

Mayfield is taking preventive measures to try to ensure the system won't be hacked again, but there is no guarantee it can't reoccur, Frye said,

"Obviously, we weren't very happy with this," Frye said. "We had to get educated quickly so that it doesn't happen to us again."

State Desk on 12/14/2016

Upcoming Events