Lincolnshire council has restored itself to full capacity after its systems were infected with ransomware. On 26th January, a phishing email loaded with an infectious attachment deployed ransomware on the local authority's computers, asking for US$ 500 (£348) in Bitcoin, the untraceable crypto-currency
As with so many Ransomware campaigns, the ransomers said that the ransom would increase over time if the victims did not pay up. As it turns out,that's exactly what the council did, refusing to pay that or any sum the ransomers offered. Hetherington Smith said, “as a public authority this was never something we were going to do.”
David Emm, principal security researcher at Kaspersky Lab told SCMagazineUK.com that despite the fact that Lincolnshire County Council's systems were down for almost a week, the local authority, “was right to stand its ground.” Paying the ransom, said Emm, “validates the cyber-criminals' business model, leading to the development of more ransomware. It's also important to remember that once paid, cyber-criminals may not provide the decryption key to recover the data. At the very least, paying up should be a decision of last resort, not a routine approach to the problem.”
Judith Hetherington Smith, CIO at Lincolnshire County Council told press in a statement that after the infection: “We immediately took action to look after all our data and closed down our systems so they couldn't be compromised. This was a new piece of malware so we worked with our security vendors to find and test a solution.”
The attack did not affect many files but managed to affect library services and online booking. Many of the infected files were also restorable from back ups. That said, the online services were down for almost a week, leaving staff using pens and paper to do their work.
The problem is now fixed, according to the council. Hetherington Smith said: "I am pleased to be able to say that we are now at a stage where all services have been fully restored and staff can now access normal systems, files and folders. There is no evidence that any personal data has been compromised as a result of this attack."
Ransomware, the bugbear of private individuals and enterprises alike, extracts money from its victims by restricting access to the infected computer, commonly by encrypting files, unless a ransom is paid. CryptoWall is one such example and was so lucrative throughout its prolific career that the Cyber-Threat Alliance claimed it had gotten nearly £214 million during its short life span. Commonly, such pieces of malware are deployed by phishing emails and its ill gotten gains are reaped via Bitcoin.
This particular piece of Ransomware has never been seen before, said David Flower managing director EMEA for Carbon Black. He told SC that: “Zero Days are problematic, as traditional security solutions such as anti-virus rely on blacklisting – they have a set of known threats that they detect, if a file doesn't appear on their list, they let it through – so if the threat has never been seen before then this system falls down. Phishing emails with ransomware can easily sneak into user inbox's, the user clicks on the attachment, and boom – the bad guys are in."