Staff at Lincolnshire council are expected to be able to access the majority of their systems this morning after a ransomware attack last week forced a temporary IT shutdown.
Council employees were forced to return to pen and paper for several days after the unnamed malware began encrypting files, forcing CIO Judith Hetherington-Smith to order admins to pull the plug.
“It happened very quickly. Once we identified it we shut the network down, but some damage is always done before you get to that point - and some files have been locked by the software,” she told the BBC.
"A lot of the files will be available for us to restore from the back-up."
Some reports suggested that the attackers were initially demanding “a million pounds,” but it appears that the actual ransom was $500 worth of the virtual currency Bitcoin, which is more in line with the amount normally demanded by cybercriminals in this kind of attack.
It is believed the infection began after an employee was socially engineered into opening a malicious email attachment.
“I am pleased to be able to say that we are now at a stage where we are restoring services and when staff come back into work on Monday morning the majority of the systems will be up and running,” Hetherington-Smith told the Lincolnite.
Ransomware is certainly becoming one of the biggest cyber menaces out there – for individuals and businesses alike.
In fact, over half (54%) of all malware targeting UK users in 2015 contained some form of ransomware, security firm Bitdefender claimed in December.
David Flowers, EMEA managing director at endpoint security firm Carbon Black, argued that a more sophisticated approach is needed to stop this kind of malware.
“Whitelisting, whereby a threat is assessed against a set of policies and common characteristics to see if there is a likely issue, can help to spot this type of malware even if it has never appeared before,” he explained.
“This should then be combined with broader threat intelligence, where you can see if a particular file has ever been seen before; if it hasn’t, then it is likely to be zero day and hazardous. This allows organisations to get smarter about security and avoid falling into these sort of traps.”