+ More on Network World: FBI: Be wary about Web searches for federal information +
Police in Tewksbury, Mass., came up with the ransom after four or five days when they realized they could not break the encryption and needed the attackers to send them the private key in order to access the data.
"It basically rendered us inoperational with respect to the software we use to run the Police Department," Police Chief Timothy Sheehan told the Tewksbury Town Crier. The incident occurred last December, with the infection taking place Dec. 7 on a workstation.
Attackers moved laterally through the network until they corrupted the department's main server. Police had files backed up on an external hard drive that was also corrupted, so they either had to pay the $500 or lose the data permanently.
State police and the FBI both consulted on the case, as did Delphi Technology Solutions and Stroz Friedberg, a forensics company. None of them could crack the encryption so the department paid, the Crier said. Stroz Friedberg converted the $500 ransom into bitcoins and paid on behalf of the department.
The affected applications included computer-aided dispatch, records management, arrest logs, calls for service and motor vehicle matters.
The same thing happened to another police department in Swansea, Mass., in 2013, it cost that town $750.
Many experts say victims should refuse to pay the attackers, but after considering the alternative of never regaining the encrypted data, many victims pay anyway so they can get back to doing business.