MT. HOLLY SPRINGS, CUMBERLAND COUNTY, Pa. -- A Cumberland County police department finds itself the target of a cyber attack.
The hackers locked up several computer files and demanded ransom to release them.
A link in an email is all it took for hackers to break into a computer at the Mt. Holly Springs Police Department.
It's a lesson for anyone who uses a computer.
People can never be too careful about opening email.
Mt. Holly Springs Police Chief Thomas Day said, "She had received an email from FedEx, stating that we had missed a delivery for a package delivery and for rescheduling."'
A secretary's seemingly harmless click on an email from what appeared to be a familiar company caused several Mt. Holly Police Department files to be locked up and digitally held hostage.
"Anything that we would have for council meetings, our spreadsheets, there were no police files whatsoever jeopardized in this," Chief Day said.
It's called Cryptowall. Hackers encrypt your computer files, then send a ransom note that the data will stay scrambled until you pay up in digital bitcoins.
"It was extremely disturbing, especially when we thought we were covered for this type of stuff. To me, it's important to make sure you have a very good I-tech person," Chief Day said.
It's why Mt. Holly Springs Police hired an IT consultant, who advised not to open an email if you don't know who's actually sending it.
3rd Element Consulting CEO Dawn Sizer said, "The other thing is you can check the email header, who it's actually being sent from. So, the sender itself, if you take a look at it, if you're using Outlook, you just put your mouse over top of it. It will actually show you who the sender really is, and not just who it's showing up as."
Sizer also recommends using Chrome as a secure browser against pop-up ads, and safe storage for files.
"Anything that you care about, make sure that you have a good back up of it, your next thing is have good anti-virus. That should be your last step," Sizer said.
The police department secretary's files remain locked up, but it's unlikely the hackers will meet the same fate.
"It's almost impossible to trace it back to the original source for any type of prosecution, so you either pay the ransom or you lose your files," Chief Day said.
The hackers asked for about half a bitcoin, which would be worth about $300.
When asked if the police department would pay the ransom to retrieve its files, the chief emphatically said "no."
Sizer recommends anyone who doesn't have an off-site server, to use cloud storage. It will allow users to store files in a safe, secure, and separate location, not to mention access to a clean copy.
Other ways to keep a computer safe includes ad-blockers and more complex password protection.
Sizer said if a virus is embedded in a pop-up ad, and it's playing on the screen, the ad doesn't have to clicked on for it to gain access to your computer.
Sizer recommends passwords to be at least 12 characters long, while a 16-character password is even better.
As far as the lost files at the Mt. Holly Springs Police Department, there were only Word docs, Excel spreadsheets, and past traffic citations from two years ago that were lost.
Fortunately, the secretary still has hard copies of the documents. Unfortunately , she will have to re-type everything back into the system.