The targets of a sweeping international ransomware operation, which saw cybercriminals rake in millions in bitcoin from hundreds of thousands of victims around the world, include a state prosecutor’s office in Pennsylvania, a report has revealed.
The Avalanche group instigated and profited from a comprehensive ransomware operation that had been active since 2010. Conservative estimates suggest that the group may have compromised at least 500,000 computers around the world. A joint operation between U.S. and European Union authorities, with cooperation from 40 other countries, dismantled and disabled the Avalanche network, an FBI release revealed just two days ago.
Since the arrest, federal prosecutors have said, through court documents alone, that an unidentified state government entity was among the victims of the Avalanche network. An Associated Press report has revealed that government entity to be the office of Allegheny County District Attorney Stephen Zappala Jr. in Pennsylvania.
According to Zappala, the ransomware struck when an employee at the office unwittingly clicked on a phishing email that contained the link to the malware. This employee “opened the link because it appeared to go back to a legitimate government agency,” Zappala told AP.
The link triggered the ransomware payload, which proceeded to infect the district attorney’s office’s computer network. Federal court documents have revealed that a payment of $1,400 in bitcoin was transferred for the decryption key to regain control of the office’s computer network. The office’s network has since been reinforced to avoid future ransomware attacks, the district attorney added.
The incident is one of a number of cases in which government entities, and even law enforcement agencies, have been targeted and have paid bitcoin ransoms to regain access to a computer or network.
In late 2014, the Dickson County Sheriff’s Office in Tennessee paid a bitcoin ransom of $500 to regain access to tens of thousands of files on their network. The Sheriff’s office was struck by Cryptowall, arguably the most destructive and wide-reaching ransomware strain in recent years.
In another incident earlier this year, the Melrose Police Department in Massachusetts paid one bitcoin in ransom to regain control over its files and software, two days after the attack.