Twenty-five per cent of local authorities affected by ransomware

Only one council admits to paying the ransom with the rest claiming they simply restored from backups

More than 25 per cent of the UK's local authorities have been affected by ransomware attacks, according to the responses to a series of Freedom of Information Act (FOI) requests by security firm Barracuda.

A total of 115 councils (27 per cent) admitted that they had been the victim of ransomware, while 43 per cent claimed that they hadn't.

Most worryingly, perhaps, were the remaining 30 per cent who either did not respond in time or said that they didn't know if they had been or not as their IT had been outsourced to private contractors.

Only one council admits to having paid the ransom, but did not disclose how much that was.

This new survey is the latest to show a disconnect between security and safety of public data and those in charge of protecting it

Many of the local authorities said that they had not paid the ransom, but simply restored their data from a backup. Seventy per cent of councils say they back up their data regularly, with the remainder being the 30 per cent who claim to have outsourced their IT.

The survey estimates a total of 27,604 terabytes of data are being stored by local councils, with 64TB being the average per council. This will include a significant amount of data about its constituent citizens.

Chris Ross, senior vice president of International at Barracuda Networks commented: "While it's promising that the majority of councils affected were able to remediate ransomware attacks quickly due to their backup system working correctly, it's still disappointing that so many of them fell victim to ransomware in the first place."

Last week it was revealed that England and Wales' second biggest police force, Greater Manchester, still runs Windows XP on one-in-five of its PCs while the Metropolitan Police continues to run XP on a variety of machines - leaving both open to ransomware.

This new survey is the latest to show a disconnect between security and safety of public data and those in charge of protecting it.

Data suggests that in the event of a ransomware attack on a public body such as the police force, 49 per cent of respondents believed that the government should be made to pay the ransom. This is despite the fact that in many cases, the object of ransomware is not actually raising money, but state sponsored actors trying to destroy data.

Similarly, the NHS relies heavily on outdated security measures for its services, and whilst most of them are "offline" there is concern that lifesaving equipment such as life support systems could accidentally be compromised in an attack.