'Ransomware' hackers to go unpunished?

Greater Manchester Police (GMP) will not be pursuing the criminals who used a Trojan horse program to lock a Manchester woman's files and demanded a ransom to release them.

The malicious Archiveus program was unintentionally downloaded by Helen Barrow of Rochdale, who found it locked her files into a 30-character password-protected folder. A ransom note instructed her to avoid going to the police and told her to buy pharmaceutical products online to gain the password to release her files.

Barrow did not pay and she managed to recover some data. The police, however, will not be investigating the crime.

A spokeswoman for GMP told silicon.com sister site ZDNet UK: "We aren't investigating the incident as it's an internet crime and not within the GMP area - technically it's international."

A spokeswoman for GMP told Out-Law.com: "Trying to find who did this would be a monumental task."

No other police force appears to be investigating the incident either. The GMP spokeswoman said: "We are not aware of any ongoing investigations."

Legal experts questioned the wisdom of sending a message to hackers that they would not be chased for committing internet crime.

Struan Robertson, senior associate at solicitors Pinsent Masons, said: "To say it's difficult to trace a hacker is a dangerous message for the GMP to send. It's unrealistic for police to investigate every single incidence of hacking but their response in this case is disappointing."

Senior ex-police officers and security experts are understood to be concerned that cases of this kind will not be investigated as they fall outside the remit of both local police forces and international crime agencies.

Cases such as the Archiveus incident would previously have been dealt with by the National High Tech Crime Unit (NHTCU), which was amalgamated into the Serious and Organised Crime Agency (Soca) in April.

Robertson said: "This is the kind of attack that presumably would have been within the NHTCU's remit. There is a risk that people will perceive crimes of this kind as falling outside the remit of Soca, because they do not appear to be the work of organised criminals."

Soca refused to comment on whether this case falls within its remit and could give no suggestion as to whether this incident is actually being investigated by any police unit at all.

A Soca spokesman told silicon.com sister site ZDNet UK: "If it falls within our remit, we will investigate. E-crime is a concern of Soca but we can't comment on individual cases. Soca doesn't comment on ongoing or possible investigations at all."

Cambridge University security expert Richard Clayton pointed out that the police simply aren't in a position to handle every reported crime but also warned that some cyber crime offences - including international cyber crime committed by individuals - may be a priority for neither local officers nor Soca.

Clayton said: "Firstly, it is not realistic to expect the police to investigate every crime - we all know that from personal experience, if our house has been burgled or our car broken into.

"The second issue is the demarcation issue that is occurring, hopefully temporarily, in the UK whereby local police with local targets to achieve do not have any resources or incentive to investigate out-of-area criminality. However, the national force is concentrating on 'organised' crime, and so if the crime looks like a one-off, committed by an individual, then even if they might be able to track them down, they may not be interested either."

Antivirus companies have now cracked the Archiveus Trojan, and determined that the password used to unlock data is: 'mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw'.

Tom Espiner writes for ZDNet UK