A computer system of the Sheriff’s Office in Dickson County, Tennessee, has been hit by the CryptoWall ransomware, locking access to thousands of files.

The incident occurred in late October, when someone in the office clicked on a malicious advertisement placed on the website of a local radio station and triggered a drive-by download attack with the crypto-malware as the payload.

As soon as the malware reached the computer, it started to encrypt files with certain extensions and demanded the owner to pay a ransom for getting the data back.

Police pays $500 / €400 for 72,000 files

Since no backup mechanism was in place for that particular workstation, the IT director of the office, detective Jeff McCliss, was faced with a dire situation, where either the fee was paid or the data remained locked.

The detective opted for the first choice and delivered the $500 / €400 requested by the attackers in digital currency.

The decision was taken after consulting with higher law enforcement organizations that participated in the investigation of the event, such as the Tennessee and the Federal Bureau of Investigation.

According to Channel 5 News, they all agreed that the only chance to get the data back was to cough up the money.

“Every sort of document that you could develop in an investigation was in that folder. There was a total of 72,000 files,” he told the news station.

The information encrypted by the malware included important case files, like autopsy reports, witness statements, and crime scene photographs. Without these, criminal investigations would have been halted and evidence would have disappeared.

Honest crooks keep their promise

Security experts strongly recommend victims of ransomware not to pay the money, firstly because there is no guarantee that the crooks will keep their end of the bargain, and secondly, to discourage the phenomenon; with victims not paying up, the cybercriminals would be less inclined to carry out this sort of attack.

However, the same security experts also recommend that a backup system be in place, and in the case of a police organization, one would think that there are plenty of reasons to protect information from all sorts of threats, be they malware or just hardware malfunctions.

“Is it better to take a stand and lose all that information? Or make the payment grit your teeth and just do it?” he said. “It made me sick to have to do that;” hopefully sick enough to set up a backup mechanism, especially since the office was lucky enough to have to deal with crooks who still value their word and delivered on their promise to provide the decryption key in exchange for the money.

This is not the first time CryptoWall infects the computers of a police station. In June, the same malware family held hostage the data on a system of the police department in Durham, New Hampshire.

Fortunately, the officers there were much better prepared and had a backup solution in place, which allowed them to restore all the data and continue focusing on the ongoing criminal investigations.