SalemNews.com, Salem, MA

July 20, 2012

Hackers threaten Danvers firm, seeking ransom

By Ethan Forman, Staff Writer
The Salem News

---- — DANVERS — A local business received a strange, threatening message every time someone tried to open a file Wednesday, police said.

Hackers claimed to have hijacked the firm’s files through the use of encryption, though it is not clear if they were actually able to do this. If the company did not pay a ransom, the hackers threatened to send child pornography and spam purportedly from the business to police, on top of the loss of the company’s files.

“Your files has been decryptes using 256-bit Advanced Encryiption Standart,” read the warning message from hackers, which was filled with spelling and grammatical errors.

Police are asking others to call them if they receive a similar message. They also warned people not to send any money to hackers and to make sure their antivirus software is up-to-date.

The message threatened that if the business did not wire $3,000 through a Costa Rican payment processor within 96 hours, the hackers would “send report to the Police with special password to decrypt some files wich contains spam software and child pornography files.”

Only after the money was wired would the hackers send a special password to unlock the files.

Deleting files, the message said, would only start the encryption process again, and the hackers warned that could mean the loss of files forever. The hackers even offered to prove they could unlock files by asking the business to send a picture to decrypt.

“If you don’t know what to do — better do nothing,” the message warned about trying to fix the problem by deleting software.

Instead of doing nothing, the business went to police.

The business, which police Chief Neil Ouellette declined to name out of concern that the incident would harm its reputation, “reported they had some suspicious actions within their main server and it was giving them messaging every time they tried to open a file,” Ouellette said.

The incident was reported to police around 5 p.m. Wednesday, and police went to the business to check out the message.

The business had its information technology person working to purge the server of the hacker’s software. Ouellette suggested that if residents receive a similar threat, police should view the computer first to see if there is any evidence they can use before contacting a technician to fix the problem.

Other than hacking into the computer, the hackers did not cause any monetary damage, nor were they able to steal any files, Ouellette said.

Staff writer Ethan Forman can be reached at 978-338-2673, by email at eforman@salemnews.com or on Twitter at @DanverSalemNews.