The Ultimate Guide to Law Enforcement Ransomware Protection

When considering how to prevent ransomware, focus on the essential asset of every organization: content. Security must go beyond protecting infrastructure. A form of malware, ransomware essentially takes files and systems hostage, blocking content.

What is Ransomware?

Ransomware is a type of malicious software that locks your electronic device and prevents you from accessing your data unless a fee is paid. Ransomware generally comes in two forms. The first type of ransomware is known as “locker ransomware”. As it sounds, locker ransomware locks (also known as “encrypts”) the entire hard drive of your electronic device, which essentially locks it out of your entire system. The second type of ransomware is called “crypto ransomware” and only locks certain important files on your electronic device like spreadsheets, Word documents, or photos.

Ransomware works by entering a system and then spreading between organizations. Several common tactics used to gain access are:

    • Drive-by-downloads
    • Phishing
    • Malicious Advertising or Malvertising
    • Exploit kits
    • Social Engineering

Once the ransomware has been activated, it generally encrypts the infected systems and presents a ransom note. Depending on the type of ransomware, it can sometimes be decrypted. The most virulent strains of ransomware cannot be decrypted without the attacker’s key.

How is Ransomware Distributed?

Cybercriminals often use phishing emails or exploit kits to put ransomware on your electronic device. In a phishing email, cybercriminals use a “bait” that is generally shaped like what appears to be a link to a legitimate website or a valid attachment such as a Word document or spreadsheet. However, the links or attachments actually deliver malicious software that infects your electronic device with ransomware. Also, since the “bait” is usually sent by email, it is difficult for security software to filter potentially harmful messages. An exploit kit is an automated malicious tool that searches for security vulnerabilities in electronic devices that have not been updated (also known as “patched”). After the exploit kit locates the security weakness, the cybercriminal can deliver ransomware to the device.

Why are Law Enforcement Agencies a Target?

Law enforcement agencies are targeted by ransomware attacks due to cybercriminals’ desire for profit, retaliation, and notoriety.


Cybercrime is a profitable business and there is a huge market for information maintained in law enforcement computer systems, such as case files and personnel records. Most of the time, ransomware attackers will require payments to be made in some type of digital currency. The most popular digital currency is Bitcoin and since the beginning of June 2018, the value of Bitcoin exceeded $7,600.00. Therefore, receiving even a single Bitcoin is reward enough for cybercriminals to continue ransomware attacks.


Cybercriminals May Try to Deliver Ransomware to Law Enforcement agency systems in retaliation for daily law enforcement work, such as investigations or verdicts resulting in criminal convictions. At the same time, the witnesses or suspects related to controversial cases could target law enforcement agencies. Finally, disgruntled current or former employees may turn to ransomware as a way to retaliate against your former or current employers.


Successfully executing a ransomware attack against a law enforcement entity can provide individuals or groups with notoriety and credibility in the cybercriminal community. Additionally, media coverage and mentions on social media are very attractive to cybercriminals.


Once an agency was encrypted with ransomware, it’s highly difficult to use the digital evidence in court. This is solely because there is no real way to prove it was not altered from its original format or taken and used elsewhere. Thus, it jeopardizes the chain of custody and integrity of the files.

The Next Steps

The best and fastest way to respond to a ransomware attack is to have a plan. This means researching and documenting every step of the recovery process, including assigning roles and responsibilities. Quick response to a ransomware attack goes a long way toward mitigating damage and speeding recovery. With ransomware, advance planning and the effectiveness of the plan can determine the impact of an attack. Ready to get started? CJIS Solutions have experts ready to answer your questions and take action. CJIS Solutions was the first CJIS Compliant cloud hosting company in the United States providing every day technologies to law enforcement. Please feel free to call us or fill out the contact form, and someone will be immediately in touch with you!