CryptoWall virus hits some Mahone Bay and Bridgewater town computers

Some municipal computers in Mahone Bay and Bridgewater have been infected by computer viruses that originated in Russia and encrypted non-essential town files.

Mahone Bay CAO Jim Wentzell confirmed the virus, known as CryptoWall 3.0, infected document files four weeks ago. He says the infected documents date back to 2007.

"The virus came in an email that said, 'Resumé,'" Wentzell said.

"And where we were looking to hire somebody, [the employee] just thought, 'Oh, there's another resumé to look at.' But it was a .zip file, and as it got opened, that was it. Bang."

Wentzell says the virus targeted a specific directory containing correspondence files, but was stopped at the letter F as it attacked the directory alphabetically.

Bridgewater's CAO Ken Smith also confirmed their computers had been infected by CryptoWall 3.0, and a second virus called CryptoLocker.

IT Specialist Chris Meister, who provides technical support for both towns, says the viruses attack non-networked directories through email or by a hacked website.

In Mahone Bay's case, the virus delivered an automated message requesting payment in return for unlocking the infected files.

"With the CryptoWall 3.0, it's basically almost impossible to be decrypted unless you pay your ransom," Meister said.

For this reason, these kinds of viruses are often called ransomware.

The ransom was three bitcoins — around $900 — but Meister explained the money wasn't paid because it's a scam.

"It's becoming a lot more common of a virus than what most people realize," he said.

'It could have been a heck of a lot worse'

Wentzell says the files that were infected will not impact customers or citizens in any way.

"Our accounting system has its own separate drive altogether, has its own protection. Any customer records were not affected. Any accounting records were not affected," he said.

The infection hit, Wentzell said, two days before a major budgetary meeting.

"It could have been a heck of a lot worse," he said.

Meister says he's now installed preventative measures: a real-time, offline backup of all files, as well as preventative software that targets these types of viruses.

"What we do is, on our data servers, we put on an application called CryptoPrevent, and what that does is prevents any files from being encrypted," he said.

"There's no way you can 100 per cent protect yourself because they think up another way of doing it. And by the time the anti-virus companies have picked up on it, it's already out there."