Lincolnshire council cyber-breach should be a lesson

We hear all the time of major firms being attacked by cyber-criminals. Sometimes digital thieves take valuable data to sell on; at other times they sabotage sites for financial or moral gain. It’s a little rarer to find stories of smaller organisations falling victim, but these attempts do happen – just ask the people of Lincolnshire.

Earlier this year, Lincolnshire County Council’s online services went down when its systems were breached by malicious hackers hoping to get hold of a significant sum of money.

The saga began when a member of staff received an email with an attachment purporting to be an official invoice. The employee opened this file, trusting it was legitimate, but soon realised the download had infected the council network with ransomware – a type of malware through which hackers demand money to restore access to hijacked data. The requested sum in this instance was a lofty £1 million.

Ransom reduced from £1m to £350 but council still refused to pay

As a precaution, the council immediately shut down its IT systems while work continued on removing the threat. Although it’s thought that the majority of data stores were accessed by the hackers, no files were lost in the assault, officials said.

Eventually, upon realising a local county council is unlikely to have a million pounds lying around spare, the cyber-criminals dropped their fee to just £350. The updated demands were still refused, however. After working “24/7” to eradicate the virus, staff eventually regained control of the system, having worked with pen and paper for almost a week.

The biggest point to take away from the story is the fact that, as chief information officer Judith Hetherington Smith explained, the malware made it through the council’s anti-virus software. All it took was for an unsuspecting employee to open an email attachment – something most of us will do multiple times every day.

The key is undoubtedly to be extra vigilant, as these attacks happen with alarming regularity. Only open emails from recognised senders, and ask for invoices to be sent as PDFs, which tend to be safer than both Word and Excel files. Oh, and think twice before ever paying a ransom – it might pay to sweat it out.
