Manchester City Council pays $2.4m in Conficker clean up costs


How severe can the impact of the Conficker worm be on a single city council that apparently had no basic security solutions in place?

Pretty severe, according to a recently released report entitled "Service interruption resulting from ICT disruption in February 2009", which details the financial costs of a Conficker incident affecting Manchester City Council's network - 1.5 million pounds in clean up costs and lost revenue from the downtime.

Where did all the money go, and can this incident's cost be used as an average for drawing long-term conclusions about Conficker's financial impact on affected networks? Let's find out.

The infection obviously caught them off guard, since no antivirus, IPS, patch management solutions or general security awareness were in place. The results came quickly - hundreds of unprocessed bus lane fines due to service disruption, a post-infection network-wide USB device ban, installation of antivirus software and patch management solutions, and a thousand Conficker-infected laptops, all adding up to a hefty clean up bill.

According to the audit report, 600k pounds went on consulting fees, support and expertise, and another 600k on the purchase of Wyse terminals to replace the PCs which had been affected. The report repeatedly emphasizes that the purchase of the Wyse terminals had been budgeted long before the Conficker infection took place, which I doubt based on a single sentence within the incident response document attempting to explain how Conficker attacks - "The Conficker virus attacks ICT systems by what is known as a “denial of service attack”".

In April, the Cyber Secure Institute estimated that the economic cost of Conficker is as high as $9.1 billion, based on the average cost for related malware incidents analyzed in their previous studies. The high cost was once again accumulated by including the purchase of counter-measure software, a cost which is also pretty evident in Manchester City Council's case. This once again indicates a blurred perception of pre-infection costs and post-infection costs where no security solutions are active in the first place, which naturally increases the size of the bill.

The 1.5m pounds cost incurred by Manchester City Council may not be the real Conficker cost, but the cost of the lack of basic security awareness which would have prevented the infection or mitigated its impact. A matter of interpretation or not, the money is gone, and it's money gone at a time when Conficker remains in stand-by mode.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

47 comments
  • And let us not forget the costs of people refraining from performing

    necessary tasks because of fear. And the costs of the USB drive ban.

    Incalculable costs really.
    InAction Man
    • They could have saved 2 million by

      hiring an IT director early on, one that took the outside world seriously. Instead they were left with

      [i]The infection obviously caught them off guard, since no antivirus, IPs, patch management solutions or general security awareness were in place[/i]

      Linux servers with the FAA, Apple botnets via illegal downloads, the story is all the same.

      Shoddy oversight, plain and simple.

      I imagine a few people will be looking for new employment shortly...
      GuidingLight
      • Making up poor excuses again, hey Misguiding Light?

        Accept your destiny, a malware victim you shall be.
        InAction Man
        • It is only an excuse when it is not fact

          which is what I posted: a "fact"

          What is your excuse for the FAA server (or any Linux server) being hacked? What is your excuse for the OS X botnet?

          What is your excuse for those running Windows systems that were not compromised at any time?

          I understand people like you hate facts, that you wish to blame Microsoft for everything, and Apple or Linux for none, but the bottom line, the undeniable truth, is that anyone using any operating system, who stay on top of it, do not generally have these issues.

          Please grow up and learn to deal with the truth, will you not?
          GuidingLight
          • First you prove your <s>facts</s> <u>claims</u>

            then we'll talk.
            InAction Man
          • They have been proven time and time again

            right here on ZDnet, from the bloggers themselves.

            When the FAA server, or FBI server were hacked, they were hacked: the bloggers did not make up false stories claiming they were hacked, they were hacked, and in the news.

            The OS X botnet was a true story, it was not made up by an imaginative mind looking to fool everyone, it exists for precisely the reasons reported on: It was installed while installing a pirated copy of iLife.

            The blog above comes straight out and says what the audit determined.

            Not a claim, but a fact.
            GuidingLight
          • If I recall well, in that FAA case it all started with a windows virus

            that allowed the hackers to become system administrators. From there it was smooth sailing for the hackers all the way.

            As far as I know that system still has thousands of windows clients on it, and a few windows servers. How can it be safe being that way?
            InAction Man
          • lol, so your plan is, blame windows for a linux hack?

            Lame. Got a source for where you might have read such a claim?
            rtk
      • They could have saved 2 million just by installing a basic AV package.

        nt
        Hallowed are the Ori
        • Which apparently they did have...

          As they have an anti-virus supplier, who was already working with them on cleaning another virus that had got through into their systems before conficker.

          Their problem looks more like their av systems were behind in patching/updating on enough systems that they got hammered. It also seems they weren't as strict with their users about what to do or not do to mitigate risk. Mind you, their end users are not "highly trained IT gurus" who sneeze active directory hierarchies and such.

          That and they seem to have a lot of laptops which are nasty to keep secured in any meaningful way at the best of times.

          Of course some of the "usual suspects" here in zdnet would never have anything bad happen to their systems like this, and they don't even use av!
          zkiwi
          • LOL

            [i]Mind you, their end users are not "highly trained IT gurus" who sneeze active directory hierarchies and such.[/i]

            LOL. Thanks, I've got to remember that one.
            Hallowed are the Ori
          • See what you get when you reply to an idiot?

            What made you believe that presenting your analysis to an idiot was a good way of putting your skills to good use?

            P.S. That was some good analysis, by the way.
            InAction Man
          • Awww.... now see.

            I actually laughed at the mental image of a user sneezing and having active directory hierarchies spew out their nose and mouth. I laughed because I thought it was funny, not because I thought his post was inaccurate or anything else.

            See what happens when you run your stupid mouth when you have absolutely no idea what the hell you're talking about? You wind up looking like the trolling fool that you are, FOOL!!!

            nonzealot should be ashamed for b!tch-slapping a dullard like you over the last few days... I can see now that it's hardly been a fair contest.

            Hallowed are the Ori
          • Did you believe you could escape that easy?

            Nice try though. Who do you think you're trying to fool? Fool!
            InAction Man
          • Huh?

            Now it's not often that NonZealot and intellect can be said to be present in the same space/time location.

            Who knows, he's probably in line for an iPhone or something.
            zkiwi
          • @zkiwi

            [i]Who knows, he's probably in line for an iPhone or something. [/i]

            Heh... that's twice you've given me a good chuckle this afternoon.

            And now, I'm off to prepare for the July 4th festivities. Have a pleasant weekend.
            Hallowed are the Ori
          • When the graceful exit fails there's always the option to go off on retreat

            Happy festivities whad.
            InAction Man
          • don't forget the wickedly clever

            plugging your eyes and ears and pretending not to hear someone? Otherwise known as "I've no time for you".

            That's an option some chose instead of full retreat.
            rtk
        • They could have saved more than that by

          using an OS that does not need Anti-Virus/Spyware/Malware.....
          deaf_e_kate