Cryptowall Ransomware Nets $500 Bitcoin Payout From US Sheriff's Office

A sheriff's office in Tennessee paid a $500 bitcoin ransom this week to secure thousands of sensitive files.

Nov 14, 2014 at 8:40 p.m. UTC
Updated Aug 18, 2021 at 3:29 p.m. UTC

A county sheriff’s office in Tennessee paid a $500 ransom in bitcoin after it became the victim of a cyberattack this week.

As reported by Nashville-based WTVF-TV, the Dickson County Sheriff's Office ran afoul of malware known as Cryptowall, a derivative of the infamous ransomware CryptoLocker.

Cryptowall is a Trojan horse program that, once inside a computer, encrypts its contents and triggers demands for a payment in bitcoin. The firm’s estimates suggest that after being discovered earlier this year, as many as 1,000 computers have been infected.

Detective and sheriff’s office IT director Jeff McCliss told WTVF-TV that a data cache containing sensitive documents, photographs and criminal reports was impacted. Overall, more than 70,000 files were temporarily inaccessible due to the malware infection.

“Every sort of document that you could develop in an investigation was in that folder. There was a total of 72,000 files,” he said.

Subsequent investigation involving the Tennessee Bureau of Investigation, Federal Bureau of Investigation (FBI) and the US military reportedly produced no solutions. Ultimately, the sheriff’s office was forced to pay the ransom in order to regain access to the files.

No good solutions

According to investigators, issues started last month when an employee at the sheriff's office inadvertently downloaded the malware by clicking on an online ad. McCliss told the Nashville-based news program that the office was not actively targeted.

After consulting both state and federal-level investigators – with some help from the military – McCliss concluded that the best course of action would be to pay the ransom. Otherwise, he told WTVF-TV, the sheriff’s office risked losing valuable ground on a number of cases, as well as access to needed information.

He explained:

"Is it better to take a stand and lose all that information? Or make the payment grit your teeth and just do it? It made me sick to have to do that."

McCliss said that he still has many questions surrounding the malware infection, and that as a result, the choice to pay the ransom wasn’t the easiest decision he has had to make.

“It's a very bad feeling,” he said.

Cryptowall's reach grows

Cryptowall has gained notoriety in recent months for its strong encryption method and global reach.

Earlier this week, Hawaii-based news source KHON 2 reported that the CryptoLocker derivative had infected some computers located in Honolulu. At the time, local law enforcement officials urged residents and business owners to both back up their files and maintain robust anti-malware measures.

A report published last month by security firm Proofpoint suggested that popular online search destinations have been utilized to boost distribution of the malware.

According to the study, advertisements on websites like Yahoo! and AOL, as well as a number of other online publications, were used as unwitting delivery vehicles for Cryptowall. The practice, known as “malvertising”, has contributed to the success of the malware and led to the Tennessee malware infection.
