Lincolnshire County Council’s computer systems held to ransom

Lincolnshire County Council’s computer systems have been hit by malware demanding a £1million ransom.

The authority said the ransomware was identified last week and it shut down its computer systems for up to four days to apply a suitable fix. The cyber attack resulted in some services being affected, including libraries and online booking systems.

James Maude, Senior Security Engineer at Avecto said ransomware attacks were becoming a popular weapon of choice for cyber criminals:

“These type of attacks are especially effective as they simply exploit the user’s access to data, not only on their own machine, but across network shares as well. The breach highlights how important it is to isolate potentially dangerous content from the web and have a robust allow listing policy to prevent undetectable malware payloads from executing.”

The incident raises further concerns about the health of IT security in the public sector. In March last year Avecto, found that a large percentage of English councils were using unsupported versions of Java.

The research, undertaken through a Freedom of Information (FOI) request, found that only 6% of councils are running Java 8, the most up-to-date version of the software. A further 55% of councils were found to be using Java 6, a version out of mainstream support since February 2013.

Maude added: “The risk of attacks on those who store large amounts of sensitive data and often rely on outdated or unpatched systems is significant. Organizations sitting on unpatched software or relying on antivirus for protection are leaving themselves wide open and vulnerable to attack.”