© 2022 Maine Public
Play Live Radio
Next Up:
Available On Air Stations

Maine Sheriff's Department's Data Server Held Hostage for Bitcoin Ransom


WISCASSET, Maine - It wasn't a cyber attack - or even a computer hack. Instead, it was an aggressive computer virus that crippled the main data server and forced the Sheriff's Department in Lincoln County to pay a 300 euro ransom payment to cyber criminals in Europe.

Officials decided to go ahead with the payment to avoid the risk of compromising or losing all of the county's digital law enforcement data.

The trouble began March 20, when an employee of the Lincoln County Sheriff's Department clicked on a link in a suspect e-mail message.  "They call it ransomware," says Michael Murphy, a lieutenant with the department.

The virus, which appeared for the first time in September of 2013, has become increasingly popular with cyber criminals. "Once you open it up, it attacks your system and any mapped drives you have to your system," Murphy says. "And, basically, what it does is it launches itself and encrypts whatever it can find. Doesn't destroy anything. Doesn't steal anything. Nothing is missing. It's still there. It's just locked and you can't use it" - until a ransom is paid.

Murphy says the virus comes with a "read me" file, instructing the victim to send a message to a random e-mail address and wait for further instructions. A return message instructed the department to send 300 euros in Bitcoins to a Swiss bank account.

Murphy says the department had good reason to just go ahead and pay the ransom. "You have to weigh out the costs, because the ransom was minimal. These are military-grade encryptions that they're doing. And it would be next to impossible to un-encrypt it. Do you lose a lot of data? Or do you just pay this fee and get your data back?"

The department chose the latter. Bitcoin is a digital currency - a peer-to-peer, cash payment system that takes place in real time in an online marketplace.

Murphy says sensitive data was never actually at risk of being compromised or exposed. It was just inaccessible until the European cyber-criminals behind the attack received their ransom.