State information technology experts spent last weekend battling a sophisticated virus that attempted to take control of all the computer system files in the Treasurer’s office.
David Gustafson, administrator of the state’s enterprise IT Services, confirmed the attack Thursday saying it was a version of a virus called “Cryptolocker” that infects a host computer then begins to encrypt all the filed in the system. Once it has control of the system, Cryptolocker demands blackmail payments to release that control.
Cryptolocker and virus programs like it are commonly referred to as “ransomware.” They either restrict the owner’s access to a computer system or grab files and encrypt them so the owner can’t access his or her records. The authors then threaten to delete the files unless a ransom is paid.
In this case, Gustafson said the treasurer’s office IT staff and his security people moved quickly to fence off the virus and stop it from encrypting files or spreading to other agencies.
“We quarantined their network and instructed staff to turn off everything and disconnect them from the net,” he said.
He said IT tracked the virus to the host computer and removed it. Gustafson said the treasurer’s staff has now restored nearly all the affected files.
Gustafson said as far as he has been able to tell, no other agencies were infected by the attack.
The number of these viruses has grown exponentially in recent years and been used to attack a large number of businesses — particularly small businesses — as well as local governments.
Officials believe the attacks come from Russia and other Eastern bloc countries where U.S. law enforcement can’t get to the perpetrators. The computer security vendor McAfee reported last year they had collected some 250,000 unique samples of ransomware.
One local police agency in Massachusetts reportedly paid the attackers to restore its files.
Gustafson said the state is in the process of dramatically improving its cyber-security to protect the state’s records from attacks such as this one.
Gustafson said Cryptolocker is much more serious than the other viruses that can be handled by simple, inexpensive anti-virus programs.
He said it can accidentally be downloaded into home computer systems too and urged people with home computers to keep their anti-virus programs up to date and learn not to randomly click on different things they see on their computer screen unless they know exactly what they are accessing.