$500 zero-day ransomware attack takes council offline for nearly a week

A county council took many systems offline after a ransomware attack to prevent further infections.
Written by Danny Palmer, Senior Writer

IT systems at Lincolnshire County Council have returned to normal nearly a week after they were hit with ransomware.

The local authority was infected after a user opened an email which caused malware to attack its computer systems. Systems have now been restored and Lincolnshire says no data was stolen in the attack.

Police have confirmed that the council was asked to pay a ransom fee of $500 (£350) in Bitcoin -- a fee which hackers threatened to increase the longer it took to receive payment -- in exchange for systems being unlocked, but the request was refused.

A tweet from the council posted several days after the attack read:

"A demand for $500 was not paid and as a public authority, this was never something they were going to do," said Lincolnshire Police.

The attack represents the largest of its kind against Lincolnshire Council, which claims it has been the victim of zero-day malware, an attack previously unknown to security experts.

Once the malware was discovered, the council closed down its entire IT network to prevent it being further compromised. It said 458 servers and 70 terabytes of data were then scanned to ensure malware hadn't infiltrated any other systems.

The shutdown affected services including local libraries and online booking systems, and resulted in council staff needing to revert to non-digital means of doing business.

"People can only use pens and paper, we've gone back a few years," Lincolnshire County Council chief information officer Judith Hetherington-Smith told the BBC during the downtime.

The systems were knocked offline on Tuesday, 26 January, and it took almost a week for Lincolnshire to fully restore its network and enable staff to use computers and the internet once again.

According to Stephen Furnell, head of the Centre for Security, Communications, and Network Research at Plymouth University, the ransomware demand against Lincolnshire "clearly illustrates the significant impact that can result from such attacks, and illustrates that technology cannot prevent them all from getting through".

"What sounds positive is that the backup will provide some level of fallback, but even with this safeguard the recovery is not instantaneous," he told ZDNet.

"It's interesting to hear that reverting to manual processes has enabled them to keep things going here, but it would not always be feasible or sufficient in all cases," Furnell added.

Lincolnshire County Council said it is working alongside the local police force in an effort to identify the perpetrators of the attack. Lincolnshire Police has also issued advice on how to prevent potential targets becoming victims of future attacks.

"Email is a particular tool that fraudsters use as a means of accessing and 'tricking' a potential victim. If you follow some very basic rules you will dramatically decrease your chances of becoming a victim of fraud or malware," said regional cybercrime protect officer detective sergeant Carole Walton.
