Lincolnshire County Council finally got its IT systems back up and running on Monday after a shutdown last week following a ransomware demand.
CIO Judith Hetherington Smith took the decision to take the Council's whole IT system down late on Tuesday after a member of staff accidentally activated malware with a ransomware payload.
The malware started encrypting files, concluding with a ransom demand. "Right at the end, when it completes running, it displays a message on the screen saying that it wants one million pounds," Hetherington Smith told Computing in an interview late on Friday.
However, the amount demanded has since been downgraded to the more usual £350 or so, presumably per infected device, in bitcoin.
Regardless of the demand, rather than pay up, the Council switched off PCs and servers and conducted a sweep of the IT across the organisation in order to make sure that the malware couldn't spread. Staff had to resort pen, paper, telephone and actually talking to each instead, while members of the public were urged via the local press to refrain from contacting the Council over anything non-urgent.
Council IT staff worked over the weekend to complete their audit, which in some cases meant wiping systems and restoring from back-up, but relatively little was lost in the process, says Hetherington Smith. Social care was prioritised, and staff in this area were granted limited access to systems late last week.
The vast majority of systems were found to be unaffected by the malware and its effects, but library services and online booking required infected files to be deleted and restored from backup.
Hetherington Smith claims that the malware went undetected by the Council's anti-virus and other security software, and that the sample sent away for analysis had not been seen in the wild before.
The cyber gang has largely remained in dark since breaching the systems of Democratic National Committee in 2016
The feature was introduced in May 2018 for Chrome desktop users
A patch for the bug affecting Echo and Kindle devices was released by Amazon earlier this year
Tuning into the BBC iPlayer or Netflix when you're overseas can be a challenge. The solution? A UK IP address
The worm moves in small bursts, but remains relatively inept overall