Nearly a third of UK councils fell victim to ransomware attacks last year - FOI request

Worryingly, 35 per cent of victims did not disclose whether they had paid a ransom or not

Nearly a third (30 per cent) of UK councils fell victim to ransomware attacks in 2015, according to a Freedom of Information (FOI) request.

The request, made by security firm Avecto, found that companies were targeted by malware attacks whereby some or all of the victim's data is encrypted before the perpetrator demands payment in return for decrypting it.

Of the 46 councils in England, 30 per cent said they had suffered at least one ransomware attack during 2015, with one council suffering 13 separate assaults throughout the year. A further nine councils withheld information, and 14 failed to respond altogether, suggesting that perhaps ransomware attacks had affected more than 30 per cent of councils

Of the councils that had suffered an attack, nearly two thirds (65 per cent) said they had not paid a ransom, while 35 per cent did not disclose whether they had or not, suggesting that they may have paid off the cyber criminals.

The findings don't come as a complete surprise; back in November last year, McAfee Labs said that councils were going to be increasingly targeted by ransomware threats, and in January, Lincolnshire County Council shut down IT across the organisation after a suspected cyber-attack in which sensitive personal information from some of its systems was breached. In an interview with Computing, the CIO of the council, Judith Hetherington Smith, revealed that the council was the subject of a £1m ransomware demand, and said that the local authority had no choice but to shut down PCs and servers across its entire network.

The malware had encrypted a number of files before deleting itself and presenting a ransom demand of £1m in bitcoin in return for the decryption keys.

Hetherington Smith suggested that the ransomware was only triggered by one user. Her advice for other organisations affected by a similar outbreak was to keep reminding staff of cyber threats, to take the precaution of taking systems down if the company suspects something, and finally she advises firms to check that their business continuity plan actually works.