Lincolnshire County Council computer systems have fallen victim to a malware attack and a subsequent ransomware demand, highlighting the risk such attacks pose to modern businesses.
The malware has encrypted some of the council's data and the attackers have offered to unscramble it only if the council pays £1m.
The council said in a Twitter post that it has managed to get the majority of the systems back online and has not had any data stolen.
"Following a malware attack, the majority of our systems will be back online by tomorrow morning. No data has been stolen. Thank you" — Lincs County Council (@LincolnshireCC), January 31, 2016
Lincolnshire’s IT team shut down the system to prevent the spread of the malware, but several of its services, including libraries and online booking systems, were affected.
The attack is the council's biggest to date, and the perpetrators remain unknown.
Lincolnshire chief information officer Judith Hetherington-Smith explained that the attack rapidly caused disruption despite spreading only to a few files and computers.
“People can only use pens and paper. We've gone back a few years. It happened very quickly. Once we identified it we shut the network down, but some damage is always done before you get to that point, and some files have been locked by the software,” she told the BBC.
Many hack attacks result in data leaks, downed servers and stolen files, but ransomware can worm its way into the files and data of a computer and effectively make them inaccessible or unreadable unless a fee is paid to the attacker.
There is no guarantee that the hacker will then decrypt the data, so the ransom and pseudo-blackmail process remains.
David Flower, EMEA managing director at cyber security firm Carbon Black, explained that ransomware is a threat to many businesses and organisations that do not know how to combat it effectively.
“Ransomware is becoming an increasing problem, but we often do not see the scale of the problem as many organisations simply pay up and stay quiet about it,” he said in a comment supplied to V3.
Flower highlighted that zero-day attacks, which exploit unknown faults in software and systems, are a problem when fighting ransomware, as existing antivirus software will not have the exploit on its blacklists and will let the malware pass into seemingly protected systems.
“Organisations need to stop relying on antivirus alone to protect their endpoints. A more sophisticated approach is needed. Whitelisting, whereby a threat is assessed against a set of policies and common characteristics to see if there is a likely problem, can help to spot this type of malware even if it has never appeared before,” he said.
“This should then be combined with broader threat intelligence, where you can see if a particular file has ever been seen before. If it hasn’t, it is likely to be zero-day and hazardous. This allows organisations to get smarter about security and avoid falling into these sorts of trap.”
Ransomware is also being combated in the physical world. Europol and the Met Police recently tracked and arrested two suspected members of ransomware hacking group DD4BC.