Lincolnshire County Council finally got its IT systems back up and running on Monday after a shutdown last week following a ransomware demand.
CIO Judith Hetherington Smith took the decision to take the Council's whole IT system down late on Tuesday after a member of staff accidentally activated malware with a ransomware payload.
The malware started encrypting files, concluding with a ransom demand. "Right at the end, when it completes running, it displays a message on the screen saying that it wants one million pounds," Hetherington Smith told Computing in an interview late on Friday.
However, the amount demanded has since been downgraded to the more usual £350 or so, presumably per infected device, in bitcoin.
Regardless of the demand, rather than pay up, the Council switched off PCs and servers and conducted a sweep of the IT across the organisation in order to make sure that the malware couldn't spread. Staff had to resort pen, paper, telephone and actually talking to each instead, while members of the public were urged via the local press to refrain from contacting the Council over anything non-urgent.
Council IT staff worked over the weekend to complete their audit, which in some cases meant wiping systems and restoring from back-up, but relatively little was lost in the process, says Hetherington Smith. Social care was prioritised, and staff in this area were granted limited access to systems late last week.
The vast majority of systems were found to be unaffected by the malware and its effects, but library services and online booking required infected files to be deleted and restored from backup.
Hetherington Smith claims that the malware went undetected by the Council's anti-virus and other security software, and that the sample sent away for analysis had not been seen in the wild before.
Travel firm delayed reporting the breach by 22 days, exceeding the 72-hour limit
Patterns of unusual behaviour are the clearest signal of an attack, not programmes or files
A database migration appears to have caused a data breach, with pet owners able to see other people's details and potentially register their pets as their own
This week on the IT news podcast the team discusses the new military spending review, the implications of a fire at a chip manufacturing plant, and the concept of privacy-friendly paid-for internet search.
This week on the IT news podcast the team discuss the latest PAC report into IT border projects, hacker gangs targeting firms with cyber insurance policies, and data breaches at the MoD