Traffic study for Rte. 27 signal

Hannah-Adams-Rte-27-South150

A traffic signal is needed at the Rte. 27 intersection with South Street, because of traffic volumes and backups, per a January 19 letter from traffic engineers hired by Chief Meaney to study the need, summarizing their recent study.  The traffic signal is projected to cost about $200,000.

Reportedly, however, Mike Sullivan says Chief Meaney is considering whether to ask the town meeting to proceed with that traffic signal or one for the intersection of Rte. 27 and West Street, which has a high number of accidents, many of which have been serious due the speeds of the vehicles.

The letter appears below and as a more readable PDF is here  20160119-mcmanus-town of medfield_route 27 (spring street) at south street_signal memo (2…


McMAHON  ASSOCIATES
300 Myles Standish Boulevard | Suite 201 | Taunton, MA 02780
p 508-823-2245| f 508-823-2246
mcmahon a ssociates.com
PR INCI PA LS
Joseph W. McMahon, P.E. Joseph J. DeSantis, P.E., PTOE
John S. DePalma William T. Steffens Casey A. Moore, P.E.
Gary R. McNaughton, P.E., PTOE

A SSOCIA T ES
John J. Mitchell, P.E. Christopher J. Williams, P.E.
R. Trent Ebersole, P.E. Matthew M. Kozsuch, P.E. Maureen Chlebek, P.E., PTOE
Corporate Headquarters: Fort Washington, Pennsylvania
Serving the East Coast from 13 offices throughout the Mid-Atlantic, New England, and Florida

January 19, 2016
DRAFT

Chief Robert E. Meaney, Jr. Medfield Police Department 110 North Street
Medfield, MA 02052
RE:

Route 27 at South Street ‐ Medfield, MA

Dear Chief Meaney:
McMahon Associates has completed a traffic warrant analysis at the intersection of Route 27 (Spring
Street/High Street) at South Street in Medfield, Massachusetts. The purpose of this study is to
evaluate existing traffic conditions at the intersection and to determine if a traffic signal is
warranted. Our assessment is based on a review of current traffic volumes, accident data, and
anticipated traffic growth over a 10‐year period. This study examines and documents future
conditions under unsignalized and signalized scenarios.

EXISTING CONDITIONS
The study area is composed of the two intersections of Route 27 with South Street, which are offset
intersections approximately 600 feet apart. The study area intersections are displayed in the
attached Figure 1. The southerly intersection of Route 27 (High Street) and South Street is
currently signalized, while the northerly intersection of Route 27 (Spring Street) and South Street
is unsignalized, with free‐flowing traffic on Route 27 and stop control on South Street.

Route 27 (Spring Street/High Street) is a two‐way, two‐lane urban principal arterial under Town of
Medfield jurisdiction. Route 27 is approximately 30 feet in width providing one‐foot wide shoulders
on either side of the roadway and generally runs in the north‐south direction through the Town of
Medfield. Route 27 currently has a posted speed limit of 40 miles an hour in the study area.

Both segments of South Street are two‐lane, two‐way urban minor arterials also under Town of
Medfield jurisdiction, which runs in the east‐west direction through the Town of Medfield. The two
segments of South Streets have shoulder widths varying from one to three feet on either
side, with a posted speed limit of 30 miles an hour in the study area.

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 2 of 9

Route 27 (High Street) at South Street
At the southerly intersection with South Street, Route 27 (High Street) provides a through lane and
exclusive right turn lane on the southbound approach, and a through lane and exclusive left turn
lane on the northbound approach. South Street is approximately 40 feet in width and provides a
single multi‐use lane on the eastbound approach with shoulder widths ranging from one to three feet
on either side. There is a crosswalk located across the southbound approach at the intersection,
which spans across Route 27 and provides connectivity between the sidewalk on the eastern side of
Route 27 and the northern side of South Street. There is also a raised island present on the
southbound approach to facilitate the channelized right turn lane. The intersection of Route 27
(High Street) at South Street is currently signalized in all directions and provides an exclusive
pedestrian phase.

Route 27 (Spring Street) at South Street
The northerly intersection of Route 27 (Spring Street) at South Street is approximately 25 feet in
width at its intersection with South Street, providing one‐foot shoulders on either side. South
Street is approximately 75 feet wide at its intersection with Route 27 (Spring Street), with no
shoulders on either side of the roadway. South Street is currently under stop control at the
intersection, while Route 27 (Spring Street) is free‐flowing in the north‐south direction. There
are currently no crosswalks present at the intersection of Route 27 (Spring Street) at South
Street. However, there is an existing portion of sidewalk on the southeastern corner of the
intersection which provides connectivity to the intersection of Route 27 (High Street) at South
Street.

Sight Distance
A field review of the available sight distance was conducted at the South Street westbound approach
at the intersection of Route 27 (Spring Street). Route 27 (Spring Street) has a posted speed limit
of 40 miles per hour in both directions. The American Association of State Highway and
Transportation Officials’ (AASHTO) publication, A Policy on Geometric Design, 2011 Edition, defines
minimum and desirable sight distances at intersections. The minimum sight distance is based on the
required stopping sight distance (SSD) for vehicles traveling along the main road and the desirable
sight distance allows vehicles to enter the main street traffic flow without requiring the mainline
traffic to slow to less than 70% of their speed and is referred to as intersection sight distance
(ISD). According to AASHTO, “If the available sight distance for an entering or crossing vehicle is
at least equal to the appropriate stopping sight distance for the major road, then drivers have
sufficient time to anticipate and avoid collisions.” The following table summarizes the sight
distance standards for the various speeds.

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 3 of 9

Table 1
Sight Distance Requirements

Approach      Movement

Speed (MPH)

SSD
Required (ft)

SSD
Measured (ft)

ISD
Required (ft)

ISD
Measured (ft)

Meets Requirements

South Street WB at Route 27 (Spring Street)

Left (South)         40               305                 500+                445              500+
Yes

Right
40               305                 500+                445              500+
Yes
(North)

For the westbound approach of South Street, there is over 500 feet of sight distance in either
direction along Route 27 (Spring Street). Based on the above mentioned requirements for stopping
sight distance and intersection sight distance with a posted speed limit of 40 miles per hour, the
South Street approach at the intersection with Route 27 (Spring Street) provides sufficient
available sight distance.

Existing Traffic Volumes
To assess peak hour traffic conditions, manual turning movement counts were conducted at the study
area intersections on Tuesday, November 10, 2015. The traffic counts were conducted during the
weekday morning peak period from 7:00 AM to 9:00 AM and the weekday afternoon peak period from 4:00
PM to 6:00 PM. The traffic counts are summarized in 15 minute intervals and are attached. The
resulting 2015 unsignalized traffic volumes are shown in Figure 2.

In addition, Automatic Traffic Recorder (ATR) data was collected for a 24‐hour period from Tuesday,
November 10, 2015 through Wednesday, November 11, 2015 on both Route 27 (Spring Street) and South
Street to determine the hourly distributions of traffic for the traffic signal warrant analysis.

MUTCD Signal Warrants
Signal warrant analyses were performed for the unsignalized intersection based on procedures
outlined in the latest edition of the Manual on Uniform Traffic Control Devices (MUTCD). The MUTCD
establishes nine criteria, referred to as warrants, for the installation of traffic signals. The
manual states that satisfaction of these warrants does not in itself require the installation of a
traffic signal. However, a traffic signal should not be installed unless one or more of the
warrants are met. The analyses performed for this report are based on the criteria for the eight‐
hour, four‐hour, and peak hour volume warrants, as well as the pedestrian volume and crash
experience warrants.

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 4 of 9

Eight‐hour, four‐hour and peak hour signal warrant analyses were performed using existing traffic
volumes at the intersection of Route 27 (Spring Street) and South Street. The results of the signal
warrant analyses are attached, and a summary of the results are presented below in Table 2.

Table 2: Signal Warrant Summary

Intersection                         Eight‐Hour      Four‐Hour     Peak Hour     Pedestrian
Route 27 (Spring Street)

Crash Experience

at South Street                             Yes                   Yes                  Yes
No                   No

As seen in Table 2, the intersection of Route 27 (Spring Street) at South Street meets the peak
hour, four hour traffic signal warrants (Warrant 2 and 3), and the eight‐hour traffic signal
warrant (Warrant 1), but does not meet the pedestrian warrant (Warrant 4), or crash experience
warrant (Warrant 7).

For the eight‐hour vehicular volume signal warrant (Warrant 1) to be met, minimum vehicular volumes
for the major street and minor street, found in Table 4C‐1 of the MUTCD, must be exceeded for one
of two volume conditions. Per MUTCD methodology, the 70% factor lowering the volume thresholds
required for satisfying the warrants is applicable to this intersection because of the 40 mph
posted speed limit. A summary of the results of the eight‐hour warrant are presented below in Table
3.

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 5 of 9

Table 3: Eight‐Hour (Warrant 1) Signal Warrant Summary

Hour

Northbound Volume

Southbound Volume

Existing 2015 Total Major Street Volume

Minor Street Volume

Condition 1 Met1

Condition 2 Met2

6:00 AM                 819                         306                         1125
33                       no                        no
7:00 AM                1388                       640                         2028
143                     yes                       yes
8:00 AM                1100                       588                         1688
132                     yes                       yes
9:00 AM                 649                         501                         1150
99                       no                        yes
10:00 AM                485                         421                          906
111                     yes                       yes
11:00 AM                469                         512                          981
141                     yes                       yes
12:00 PM                 486                         475                          961
142                     yes                       yes
1:00 PM                 488                         487                          975
137                     yes                       yes
2:00 PM                  593                         773                         1366
279                     yes                       yes
3:00 PM                  581                         934                         1515
302                     yes                       yes
4:00 PM                  674                        1007                        1681
276                     yes                       yes
5:00 PM                  702                        1010                        1712
218                     yes                       yes
6:00 PM                  581                         882                         1463
215                     yes                       yes
7:00 PM                 369                         452                          821
130                     yes                       yes

1 Ma jor street volume greater than 350 vehicles pe r hour and minor street volume greater than 105
vehicles pe r hour. 2 Ma jor street volumes greater than 525 vehicles pe r hour and minor street
volume greater than 53 vehicles pe r hour.
****Spe ed Limit is 40 mph on Route 27 (Spring Street)

As seen in Table 3, both Conditions 1 and 2 of the eight‐hour signal warrant were satisfied during
ten consecutive hours, which surpasses the necessary eight‐hour signal warrant requirements. Based
on the results of the eight‐hour signal warrant and MUTCD criteria, the installation of a traffic
signal at the intersection is warranted. In addition, the results of four‐ hour and peak hour
warrants also support the installation of a traffic signal at the intersection.

Accident Summary
Crash data for the study area intersection was obtained from the Massachusetts Department of
Transportation (MassDOT) for the most recent three‐year period available. This data includes
complete yearly crash summaries for 2011, 2012, and 2013. A summary of the crash data is attached.

The signalized intersection of Route 27 (High Street) at South Street had a total of 11 crashes
reported over the three‐year period from 2011‐2013, resulting in a crash rate of 0.44 crashes per
million entering vehicles at the intersection. This value is lower than the average crash rates of
0.80 and 0.89 for signalized intersections statewide and in MassDOT District 3, respectively. It
should also be noted that the majority of the crashes were rear‐end type crashes resulting in
property damage, which are typical at a signalized intersection.

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 6 of 9

The unsignalized intersection of Route 27 (Spring Street) at South Street had a total of nine
crashes reported over the three‐year period from 2011‐2013, resulting in a crash rate of 0.37
crashes per million entering vehicles. This is lower than both the statewide and MassDOT District 3
averages for unsignalized intersections of 0.60 and 0.66 crashes per million entering vehicles,
respectively. The majority of the crashes that occurred at the intersection were angle or rear‐end
collisions; however, there were two crashes that were head‐on collisions. All of the reported
crashes resulted in property damage and there do not appear to be any trends related to weather or
time of day.

BACKGROUND TRAFFIC GROWTH
A background growth rate of one percent per year was identified in order to forecast increases in
traffic volumes on the study area roadways and intersections for our future analyses based on
information provided by the Town of Medfield. This rate captures growth associated with general
changes in population and accounts for other small developments in the vicinity of the study area
and is consistent with similar traffic studies completed in this area in recent years. No
additional developments or other roadway projects were identified to be included in the future
traffic analysis. The resulting 2025 Unsignalized traffic volumes are shown in Figure 3 for the
weekday morning and weekday afternoon.

TRAFFIC OPERATIONS ANALYSIS
As a basis for this assessment, intersection capacity analyses were conducted using Synchro
capacity analysis software for the study area intersection under the 2015 Existing, 2025
Unsignalized, and 2025 Signalized conditions. The analysis was based on procedures contained in the
Highway Capacity Manual (HCM). Capacity analysis summaries are attached. A discussion of the
evaluation criteria and a summary of the results of the capacity analyses are presented below.

Level‐of‐Service Criteria
Operating levels of service (LOS) are reported on a scale of A to F with A representing the best
conditions (with little or no delay) and F representing the worst operating conditions (long
delays). In an urbanized area, LOS D is typically considered adequate.

Capacity Analysis Results
Intersection capacity analyses were conducted for the study area intersections to evaluate the 2015
Existing conditions, as well as 2025 Unsignalized, and 2025 Signalized peak hour traffic
conditions. Based on our analysis, the peak hour of the adjacent street traffic occurs between 7:15
AM and 8:15 AM for the weekday morning, and 4:45 PM and 5:45 PM for the weekday afternoon peak
periods. The results of the capacity analyses are presented in Tables 4 and 5 below for the morning
and afternoon peaks, respectively.

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 7 of 9

Table 4: Morning Level of Service Summary

2015 Existing      2025 Unsignalized

2025 Signalized

Intersection

Movement

LOS1  Delay2   V/C3   LOS1  Delay2   V/C3   LOS1  Delay2   V/C3

Route 27 (High Street)       EB         L                F      155.9    1.28      F      213.6
1.41      F       81.8     1.06
at South Street                                R                A        3.8      0.12      A
0.1      0.05      A        0.6      0.05
NB       L                B       10.2     0.14      B       10.6     0.16      E       76.9
0.56
T                F      227.1    1.44      F      293.1    1.59      F      271.9    1.51
SB         T                C       33.4     0.92     D       53.7     1.02      F       67.8
0.96
R                A        0.1      0.10      A        0.1      0.11      A        0.8      0.11

Overall

F      134.1    1.44      F      179.4    1.59      F      148.1    1.51

Route 27 (Spring Street)    WB      L                F     1175.1   3.24      F     2097.3   5.17
D       39.0     0.68
at South Street                                R                D       28.3     0.11     D
34.7     0.15      B       11.4     0.09
NB       TR             A        0.0      0.00      A        0.0      0.00      A       11.8
0.78
SB         LT              C       18.2     0.06      C       21.2     0.08      A        8.1
0.64

1 Level‐of‐Service

Overall

B       10.3     0.78

2 Average vehicle delay in seconds 3 Volume to capacity ratio
n/a Not Applicable

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 8 of 9

Table 5: Afternoon Level of Service Summary

2015 Existing      2025 Unsignalized

2025 Signalized

Intersection

Movement LOS1  Delay2   V/C3   LOS1  Delay2   V/C3   LOS1  Delay2   V/C3

Route 27 (High Street)      EB    L                  B       12.2     0.36      B       12.5
0.39      E       79.0     0.75
at South Street                           R                 A        0.0      0.02      A
0.0      0.02      A        0.7      0.02
NB   L                  B       10.8     0.31      B       11.8     0.34      B       10.4     0.20
T                 C       34.8     0.94      E       61.3     1.05      B       14.3     0.61
SB    T                  B       15.8     0.75      C       20.6     0.83      B       13.6
0.48
R                 A        0.4      0.30      A        0.5      0.33      A        1.2      0.34

Overall

B       18.1     0.94      C       28.6     1.05      B       15.6     0.75

Route 27 (Spring Street)   WB  L                  F     1250.2   3.53      F     2116.2   5.39
F       94.1     1.04
at South Street                           R                 C       15.7     0.05      C       17.2
0.07      B       15.2     0.08
NB   TR               A        0.0      0.00      A        0.0      0.00      A        6.7
0.57
SB    LT               B       10.2     0.02      B       10.7     0.03      B       16.1     0.86

1 Level‐of‐Service

Overall

C       21.0     1.04

2 Average vehicle delay in seconds 3 Volume to capacity ratio
n/a Not Applicable

As seen in Tables 4 and 5, the proposed signal at the intersection of Route 27 (Spring Street) at
South Street is expected to operate at an overall LOS B during the weekday morning peak hour and at
overall LOS C during the weekday afternoon peak hour. During the weekday morning peak hour, the
westbound and southbound movements are expected to improve in operations compared to the future
unsignalized condition, based on the level of service. During the weekday afternoon peak hour, the
westbound right and southbound movements are expected to improve compared to the future
unsignalized condition, based on level of service. The implementation of a signal at the
intersection will potentially improve the operations of the South Street westbound approach. In
addition, the potential implementation of a dedicated northbound right turn lane on the Route 27
(South Street) approach, as shown in Figure 4, is expected to improve operations at the
intersection. The implementation of a traffic signal in combination with northbound right turn lane
modifications on Route 27 (Spring Street/South Street) would potentially involve Right‐of‐Way
impacts.

RECOMMENDATIONS
Based on the MUTCD traffic signal warrants, accident data, and sight distance measurements, it is
recommended that a two‐phase actuated traffic signal be installed at the intersection of Route
27 (Spring Street) at South Street. A traffic signal will provide significant operational
improvements to the South Street westbound approach while maintaining adequate operations for Route
27 (Spring Street/South Street).  A traffic signal concept plan for the intersection of

Chief Robert E. Meaney
DRAFT
January 19, 2016
Page 9 of 9

Route 27 (Spring Street) at South Street is shown in Figure 4. The preliminary construction cost to
install a signal at this intersection is approximately $200,000. This estimate does not include
costs related to potential roadway widening on the eastern side of the northbound approach on Route
27 (South Street), which will allow for more efficient traffic operations at the intersection. In
addition, the potential right‐of‐way or land acquisition costs have not been accounted for in this
estimate.

CONCLUSION
Based on the existing traffic volumes, accident history, and signal warrant analysis, it is
recommended that an actuated and coordinated traffic signal be installed at the intersection of
Route 27 (Spring Street) at South Street. The signal warrant analysis concludes that the
intersection volumes adequately satisfy the peak hour, four‐hour, and eight‐hour warrant
requirements. The capacity analysis indicates that signalizing the intersection will minimize
delay, and allow the intersection to operate at a LOS B and C during the weekday morning and
weekday afternoon peak hours. Under the future unsignalized conditions, motorists on South Street
will continue to experience long delays in the LOS F range during both peak hours. By installing a
signal, these motorists will experience much more acceptable levels of service.

We trust that our review and recommendations have provided you with the appropriate technical
information to finalize a decision on this request. Please do not hesitate to contact me should you
require any further information.
Very truly yours,
Phil Viveiros, P.E., PTOE Project Manager
Attachments
Figure 1 – Study Area Map
Figure 2 – 2015 Existing Weekday Peak Hour Volumes Figure 3 – 2025 Future Weekday Peak Hour Volumes
Figure 4 – Traffic Signal Concept Plan
Traffic Count Data Signal Warrant Backup
Synchro Analysis Reports

LCB at ZBA per Globe

LCB

Boston Globe article on the ZBA hearing this week.

https://www.bostonglobe.com/metro/regionals/west/2016/02/05/assisted-living-plan-sparks-opposition-medfield/SYjr1F8XMHlaofLrza4ykN/story.html

Busy at MSH

Best,Pete

Osler L. Peterson, Esq.
PETERSON | Law
580 Washington Street, Newton, MA 02458-1416
66 North Street, PO Box, 358, Medfield, MA 02052-0358
617.969.1500 W
617.969.1501 Direct
617.663.6008 F
508.359.9190 M
Osler.Peterson@OslerPeterson.com

Sent from my phone – please excuse any typos.

Green St. poles status

green st-2

These emails from Verizon and Mike this morning about when the utility poles on Green Street will get moved out of the street –


Thanks Stephanie, Ken Feeney did tell me that there were two Verizon trucks out there this week working on the transfer. Thanks for your quick response So far we been able  to handle the snow, It looks like we’re in for a couple of storms, but our crews are good at keeping the roads open. I’ll forward this to Ken and Bobby Kennedy and to the Selectmen, so they’ll be in the loop. Let me know when you’re finished so we can get Eversource in to remove the poles.  Mike Sullivan

 

On Thu, Feb 4, 2016 at 2:28 PM, Lee, Stephanie S wrote:

Hi Mike and Richard,

You probably are aware that Verizon crews are out on Green St. preparing to transfer lines to the new poles.  It is a complicated job that will take a couple weeks, but I wanted to let you know we will work diligently to complete our transfers.  Let’s cross our fingers for a couple more weeks of mild weather – and an early spring.

Stephanie
Stephanie Lee
State Government Affairs
125 High St. – Oliver Tower
Boston, MA 02110
O 617.743.5440 | M 978.808.6155

COA closed

The Center is locked up, so my office hours scheduled for this morning have had to be cancelled. Please feel free to contact me directly of you have any issues.

Office hours Friday

The Center - winter

Selectman Office Hours – This Friday

Selectman Osler “Pete” Peterson holds regular monthly office hours at The Center on the first Friday of every month from 9:00 to 10:00 AM (his litigation schedule permitting).

Residents are welcome to stop by to talk in person about any town matters.  Residents can also have coffee and see the Council on Aging in action (a vibrant organization with lots going on).

Peterson can be reached via 508-359-9190 or his blog about Medfield matters  https://medfield02052.wordpress.com/, where any schedule changes will be posted.

Ransomeware 101

http://www.wired.com/2015/09/hacker-lexicon-guide-ransomware-scary-hack-thats-rise/

Hacker Lexicon: A Guide to Ransomware, the Scary Hack That’s on the Rise

RansomewareClick to Open Overlay Gallery
Then One/WIRED

Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

TL;DR: Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom—usually demanded in Bitcoin. A popular and more insidious variation of this is ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones. Last week news broke of a piece of ransomware in the wild masquerading as a porn app. The so-called Porn Droid app targets Android users and allows attackers to lock the phone and change its PIN number while demanding a $500 ransom from victims to regain access.

Earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims. The malware can infect you via a malicious email or website, or attackers can deliver it straight to your computer if they’ve already infected it with a backdoor through which they can enter.
The Ransom Business Is Booming

Just how lucrative is ransomware? Very. In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers’ haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day (.pdf). Extrapolating from this, they would have earned more than $394,000 in a month. And this was based on data from just one command server and two Bitcoin addresses; the attackers were likely using multiple servers and Bitcoin addresses for their operation.

Symantec has estimated, conservatively, that at least $5 million is extorted from ransomware victims each year. But forking over funds to pay the ransom doesn’t guarantee attackers will be true to their word and victims will be able to access their data again. In many cases, Symantec notes, this doesn’t occur.

Ransomware has come a long way since it first showed up in Russia and other parts of Eastern Europe between 2005 and 2009. Many of these early schemes had a big drawback for perpetrators, though: a reliable way to collect money from victims. In the early days, online payment methods weren’t popular the way they are today, so some victims in Europe and the US were instructed to pay ransoms via SMS messages or with pre-paid cards. But the growth in digital payment methods, particularly Bitcoin, has greatly contributed to ransomware’s proliferation. Bitcoin has become the most popular method for demanding ransom because it helps anonymize the transactions to prevent extortionists from being tracked.

According to Symantec, some of the first versions of ransomware that struck Russia displayed a pornographic image on the victim’s machine and demanded payment to remove it. The victim was instructed to make payments either through an SMS text message or by calling a premium rate phone number that would earn the attacker revenue.

Symantec ransomware imageClick to Open Overlay Gallery
Symantec
The Evolution of Ransomware

It didn’t take long for the attacks to spread to Europe and the US, and with new targets came new techniques, including posing as local law enforcement agencies. One ransomware attack known as Reveton that is directed at US victims produces a pop-up message saying your machine has been involved in child porn activity or some other crime and has been locked by the FBI or Justice Department. Unless you pay a fine—in Bitcoin, of course, and sent to an address the attackers control—the government won’t restore access to your system. Apparently the fine for committing a federal offense involving child porn is cheap, however, because Reveton ransoms are just $500 or less. Victims are given 72 hours to pay up and an email address, fines@fbi.gov, if they have any questions. In some cases they are threatened with arrest if they don’t pay. However improbable the scheme is, victims have paid—probably because the extortionists distributed their malware through advertising networks that operated on porn sites, inducing guilt and fear in victims who had knowingly been perusing pornography, whether it was child porn or not. Symantec determined that some 500,000 people clicked on the malicious ads over a period of 18 days.

In August 2013, the world of ransomware took a big leap with the arrival of CryptoLocker, which used public and private cryptographic keys to lock and unlock a victim’s files. Created by a hacker named Slavik, reportedly the same mind behind the prolific Zeus banking trojan, CryptoLocker was initially distributed to victims via the Gameover ZeuS banking trojan botnet. The attackers would first infect a victim with Gameover Zeus in order to steal banking credentials. But if that didn’t work, they installed the Zeus backdoor on the victim’s machine to simply extort them. Later versions of CryptoLocker spread via an email purporting to come from UPS or FedEx. Victims were warned that if they didn’t pay within four days—a digital doomsday clock in the pop-up message from the attackers counted down the hours—the decryption key would be destroyed and no one would be able to help unlock their files.

In just six months, between September 2013 and May 2014, more than half a million victims were infected with CryptoLocker. The attack was highly effective, even though only about 1.3 percent of victims paid the ransom. The FBI estimated last year that the extortionists had swindled some $27 million from users who did pay.

Among CryptoLocker’s victims? A police computer in Swansea, Massachusetts. The police department decided to pay the ransom of 2 Bitcoins (about $750 at the time) rather than try to figure out how to break the lock.

“(The virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of,” Swansea Police Lt. Gregory Ryan told the Herald News.

In June 2014, the FBI and partners were able to seize command-and-control servers used for the Gameover Zeus botnet and CryptoLocker. As a result of the seizure, the security firm FireEye was able to develop a tool called DecryptCryptoLocker to unlock victims’ machines. Victims could upload locked files to the FireEye web site and obtain a private key to decrypt them. FireEye was only able to develop the tool after obtaining access to a number of the crypto keys that had been stored on the attack servers.

Prior to the crackdown, CryptoLocker had been so successful that it spawned several copycats. Among them was one called CryptoDefense, which used aggressive tactics to strong-arm victims into paying. If they didn’t fork over the ransom within four days, it doubled. They also had to pay using the Tor network so the transactions were anonymized and not as easily traced. The attackers even provided users with a handy how-to guide for downloading and installing the Tor client. But they made one major mistake—they left the decryption key for unlocking victim files stored on the victim’s machine. The ransomware generated the key on the victim’s machine using the Windows API before sending it to the attackers so they could store it until the victim paid up. But they failed to understand that in using the victim’s own operating system to generate the key, a copy of it remained on the victim’s machine.

The “malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape,” Symantec noted in a blog post.

The business of ransomware has become highly professionalized. In 2012, for example, Symantec identified some 16 different variants of ransomware, which were being used by different criminal gangs. All of the malware programs, however, could be traced back to a single individual who apparently was working full time to program ransomware for customers on request.
The Ransomware to Watch Out for Now

Recently Fox-IT catalogued what they consider to be the top three ransomware families in the wild today, which they identify as CryptoWall, CTB-Locker, and TorrentLocker. CryptoWall is an improved version of CryptoDefense minus its fatal flaw. Now, instead of using the victim’s machine to generate the key, the attackers generate it on their server. In one version of CryptoWall they use strong AES symmetric cryptography to encrypt the victim’s files and an RSA-2048 key to encrypt the AES key. Recent versions of CryptoWall host their command server on the Tor network to better hide them and also communicate with the malware on victim machines through several proxies.

CryptoWall can not only encrypt files on the victim’s computer but also any external or shared drives that connect to the computer. And the shakedown demand can range anywhere from $200 to $5,000. CryptoWall’s authors have also established an affiliate program, which gives criminals a cut of the profit if they help spread the word about the ransomware to other criminal buyers.

CTB-Locker’s name stands for curve-Tor-Bitcoin because it uses an elliptic curve encryption scheme, the Tor network for hosting its command server, and Bitcoin for ransom payments. It also has an affiliate sales program.

TorrentLocker harvests email addresses from a victim’s mail client to spam itself to other victims. Fox-IT calculated at one point that TorrentLocker had amassed some 2.6 million email addresses in this manner.

Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.