Comhairle nan Eilean Siar on the island of Lewis continues investigative and remedial work after being hit with a ‘criminal’ ransomware assault that took out systems almost a month ago
A local authority in the outer Hebrides is still “counting costs” after being hit with a ransomware attack a month ago, its chief executive has said.
O 7 November, a cyber-assault caused “significant disruption” to Comhairle nan Eilean Siar’s IT system, and some data remains “inaccessible”, the authority’s head Malcolm Burr said.
“In terms of data recovery, that is ongoing work,” he told the BBC. “You hear terms being used like ‘lost’, but it is all there, and it is simply that we can’t access it. Data recovery – that remains a possibility, and that’s obviously high-priority work for the team and those who are advising us.”
The local authority has called for specialists to help rebuild the affected IT systems, while Burr has also said the Scottish Government might need to provide technical assistance.
- Cyber Security Week: Analysis – how and where are attackers getting in?
- ‘The prospect of a category-one cyberattack is not receding’
- Cyber Security Week: What will imminent changes to the network security laws mean?
About a week after the attack, the council – which is based on the outer Hebridean island of Lewis – created a basic interim website. The site enables citizens to make payments to the authority, while also republishing copies of the “the most popular pages from Comhairle nan Eilean Siar’s [full] website including bus timetables, bin collections and school term dates”.
In an update published two weeks ago, the council said that its recovery work would be focused on two priorities: “to identify any information extracted from the server and inform those impacted; [and] to rebuild operations and ensure the continued delivery of services to those in our community that need them most”.
The incident – which took place in the same week that the British Library also suffered a major cyberattack – came shortly after the publication of latest statistics from the Scottish Government on cybercrime. The report revealed Police Scotland recorded almost 15,000 cybercrimes in 2022-23 – a figure which has more than doubled compared with pre-pandemic levels.
A version of this story originally appeared on PublicTechnology sister publication Holyrood