Lincolnshire staff restore systems following ransomware attack
Computer systems at Lincolnshire County Council (LCC) are up and running after a major cyber attack forced the closure of the entire network last week.
On Tuesday, the council suffered a ransomware attack from an unknown source, demanding an initial $500 in Bitcoins - which was set to rise over time - to release the data.
Speaking on BBC Radio Lincolnshire this morning, the council’s chief information officer, Judith Hetherington Smith, said that the council’s systems were now back to normal.
She said: “The fact we shut everything down so quickly helped stop the malware from spreading. We had IT staff working pretty much 24/7 over the weekend and we are grateful for all their hard work.”
Hetherington Smith said that the virus had got onto the council’s systems by a member of staff clicking on a link within an email.
She said that although no personal details of citizens had been stolen, some data had been encrypted and has been deleted.
Information which was recorded on paper will now have to be inputted into computer systems, she added.
A spokeswoman for the council told Publictechnology.net that council systems had been backed up on the Monday night, so only a small amount of data from Tuesday morning had been lost.
Detective Inspector Stephen Knubley, of Lincolnshire Police's cyber crime unit, said: "I can confirm that LCC were subject to a malware attack on an IT system. LCC security, in difficult circumstances, have been extremely professional in dealing with this matter and are working towards restoring a full service.
"I can assure the public that there's no evidence at this time that any data has been extracted from LCC systems.
"Lincolnshire Police will continue to work with LCC in an attempt to identify the offenders.”
Commenting on the case, Orlando Scott-Cowley, cyber security strategist at email security firm Mimecast, said:“Traditional anti-virus software is increasingly little protection against new variants of malware sent by email. Ransomware is growing fast and organisations need to combine rigorous employee training with technology that analyses malicious links and attachments in real-time.”
Image of Lincolnshire County Council offices by Ian Carrington, Wikimedia
The Scottish government will implement a “tough” assurance process for digital projects, mandate the use of common technologies and offer training to make sure civil servants “get digital”.
Councils should be in the “driving seat” of technological change, but need to rethink the role they play in their locality and invest in long-term planning, a report has said.
Public sector organisations have been told they still have to meet the common Public Sector Network assurance standards while work is carried out to move away from the network.
The government has published its long-awaited Digital Strategy, which sets out plans to increase digital inclusion, data skills and industry links.