IT restored at Lincolnshire County Council after ransomware shutdown

Back to work-as-usual for staff at council shut down by ransomware demand last week

Lincolnshire County Council finally got its IT systems back up and running on Monday after a shutdown last week following a ransomware demand.

CIO Judith Hetherington Smith took the decision to take the Council's whole IT system down late on Tuesday after a member of staff accidentally activated malware with a ransomware payload.

The malware started encrypting files, concluding with a ransom demand. "Right at the end, when it completes running, it displays a message on the screen saying that it wants one million pounds," Hetherington Smith told Computing in an interview late on Friday.

However, the amount demanded has since been downgraded to the more usual £350 or so, presumably per infected device, in bitcoin.

Regardless of the demand, rather than pay up, the Council switched off PCs and servers and conducted a sweep of the IT across the organisation in order to make sure that the malware couldn't spread. Staff had to resort pen, paper, telephone and actually talking to each instead, while members of the public were urged via the local press to refrain from contacting the Council over anything non-urgent.

Council IT staff worked over the weekend to complete their audit, which in some cases meant wiping systems and restoring from back-up, but relatively little was lost in the process, says Hetherington Smith. Social care was prioritised, and staff in this area were granted limited access to systems late last week.

The vast majority of systems were found to be unaffected by the malware and its effects, but library services and online booking required infected files to be deleted and restored from backup.

Hetherington Smith claims that the malware went undetected by the Council's anti-virus and other security software, and that the sample sent away for analysis had not been seen in the wild before.