Lincolnshire County Council (LCC) made national headlines this week following a ransomware attack on 29th January.
The attackers, who were widely misreported to have demanded £1 million to provide the unlock code, turned out to be rather less ambitious. The demand was in fact for just $500 (c. £350). The council refused to pay and LCC staff, supported by security experts, succeeded in restoring systems and data completely, earlier this week.
Significant disruption to LCC operations resulted as the attack forced the workforce of over 5000 employees to revert to manual processes.
LCC head of technology, Julie Hetherington-Smith, said: “People can only use pens and paper, we’ve gone back a few years.” Other reporting suggested the attack was a result of “zero-day malware”, a version of ransomware previously unknown to security experts.
This incident demonstrates that every public and private organisation needs to be on its guard against cyberattacks. Small, medium and large businesses face unprecedented levels of threat from criminal attack. If this truly was a zero-day attack, then it is unlikely it could have been successfully defended. However, many incidences of malware are not zero-day and can be successfully defeated by existing countermeasures.
LLC stood firm in refusing to pay, and this should be applauded. Unfortunately, it is widely believed the crime is under reported in the private sector. Ransom demands are often modest sums that don’t break the bank. Rather than face reputational damage, private companies may elect to pay up, learn their lesson and then pay more attention to security. There is little doubt that this only feeds the hackers ambition and shows such a strategy is effective.
There are a number of key steps businesses need to take if they are to reduce the risk of being the victim of such an attack.
The first step is to understand how vulnerable your organisation is to a security breach. To help with this we have developed a straightforward and concise Security Questionnaire.
You don’t have to be an IT expert to complete it. You can understand quickly and simply, whatever your level of IT knowledge. Just complete it and find out whether you need to take any further action.
Click here to download the Paralogic Security Questionnaire.
Photo Credit: System Lock – Flickr
For more than 20 years, Paralogic has been working with small and medium sized businesses, providing IT support and services they can rely on. We’re thrilled, therefore, to be named among the best British MSPs,…Read More
The European Union’s General Data Protection Regulation (GDPR) is the most significant shake up of information security for many years. Despite the toughening of rules and the harsh treatment of companies by regulators and the…Read More