The Presque Isle Police Department. Credit: BDN file photo

PRESQUE ISLE, Maine — The ransom time clock on the Presque Isle Police Department’s ransomware attack ran out Wednesday at about 9:30 p.m. in a dramatic red-numbered countdown of minutes and seconds racing toward zero on the hacker’s dark web site.

But it looks like the unidentified criminals have not yet made their next move with the site on hold and a message of new updates, “Coming Soon,” posted since last night.

Following an April 18 hack of the city’s server, the Avaddon Ransomware-related cybergang threatened to begin dumping the Presque Isle Police Department files on the dark web if police did not comply with the undisclosed amount of ransom request.

“The incident was reported to the FBI,” City Manager Martin Puckett said on Tuesday after confirming there was unauthorized access into the police department’s server. “We were able to restore from a daily backup.”

But in keeping with standard practice, the FBI declined to comment on the specific Presque Isle incident.

“Ransomware continues to be a persistent threat. Here in the Boston Division, which includes all of Maine, we receive at least two to three reports a week from new victims and we know the actual rate of infection is much higher than what is reported to us,” FBI Boston Division spokeswoman Kristen M. Setera said on Thursday afternoon. “According to the FBI’s Internet Crime Complete Center, in 2020, seven victims in Maine reported suffering ransomware attacks resulting in approximately $95,178 in losses.”

The Presque Isle Police Department was hit with a ransomware attack on April 18 and the unidentified cyber criminals threatened to dump all police data if the ransom was not paid by the April 28, 2021 deadline. Credit: Screenshot

Puckett declined to comment on whether the city is considering paying the ransom, but Setera said the FBI tells ransomware victims to not pay a hacker’s ransom demand because it encourages continued criminal activity. There also is no guarantee the hacker will decrypt a victim’s files, and affected files can sometimes become corrupted from encryption, making them unrecoverable.

Two years ago, Augusta’s city server was hit with a ransomware attack. City officials chose to not pay the $100,000 ransom and instead, the city rebuilt its system.

In a more recent twist, cybercriminals are using what experts call double extortion schemes that not only hold the data hostage, after a specified time, they also threaten to dump all the stolen files onto a dark web site for anyone with access to read.

In the Presque Isle incident, the Avaddon-related gang said that when the police department’s 10 days to pay were up, it would start dumping confidential documents. So far, the only documents on the Avaddon site are the police records posted since the initial threat which include victim statements, domestic violence incident reports, victim’s personal information, information on gun purchases, other police reports and business documents.

Nearly 11,000 had viewed the posted information by Thursday afternoon .

For an unknown reason, Presque Isle Police Department and the Washington, D.C., Metropolitan Police Department were both hit by this ransomware attack. Cybercriminal group Babuc claimed responsibility for the Washington, D.C., attack.

Ransomware is frequently delivered through phishing emails that contain malicious attachments or links to malicious websites. Once the victim’s device is infected with ransomware, the files become encrypted and they are no longer able to access their own data. The criminal then demands the payment of a ransom to get the files returned.

The FBI offered some protection tips:

— Use the most current and patched version of your operating system; use the most current and patched version of your applications, such as your email software, web browser, PDF viewer and word processor; keep your preferred anti-malware service up to date; and do not open documents or click on links sent from an untrusted source over the internet.

— Victims infected with ransomware are usually also infected with other types of malware that remain hidden on their system even if the victim decides to pay the ransom. The FBI recommends that instead of paying a hacker’s ransom, victims perform a full remediation of any infected systems to include wiping their computers and restoring them from offline backups.

— If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the internet to avoid any additional infections or data losses. Contact your local FBI Field Office for assistance and file a detailed complaint with the Internet Crime Complaint Center (IC3) at ic3.gov.

Kathleen Phalen Tomaselli

Kathleen Phalen Tomaselli is a reporter covering the Presque Isle area. Over the years, she has covered crime, investigations, health, politics and local government, writing for the Washington Post, the...