UK Councils Targeted in Ransomware Scare

At least 30% of UK councils fell victim to ransomware attacks during 2015, a Freedom of Information (FoI) request has revealed.

The FoI request came from endpoint security company Avecto. It approached 46 UK councils about their experiences with ransomware. Nearly one-third (30%) said they had been a victim of ransomware in 2015. One council admitted to 13 different ransomware attacks. 

Of those councils that were ransomware victims, 65% said they refused to pay a ransom, while the remaining 35% refused to reveal whether they had paid up or not. Avecto says this indicates that those councils had suffered some kind of data loss as a result of the attack.

While that figure of 30% may seem high, the actual number could be far higher. Of the 46 councils Avecto approached, nine withheld information and a further 14 failed to respond at all, making a true figure difficult to arrive at.

Paul Kenyon, co-founder and co-CEO at Avecto, described the statistics as “sobering.”

“Ransomware attacks are particularly attractive to cyber-criminals because they can be relatively cheap and easy to deploy, and even if a minority of targets pay up then the attack overall can be profitable. It’s estimated that 9515 users in the US alone are paying ransoms every month,” he added.

Ransomware is a growing threat to businesses across the globe. It accounted for 42% of all security incidents in 2015, and struck a wide variety of industries, from hospitals to big businesses to local councils. 

In fact, Lincolnshire Council was hit with a ransomware attack in January this year that rendered its IT systems useless for several days, with staff forced to do their work with old-fashioned pen and paper. The ransom demanded was thought to be around $500 in Bitcoin, but the council refused to pay.

Some victims do, however, pay up: the Hollywood Presbyterian Medical Center paid $17,000 after ransomware locked down its IT system and forced it to cancel patient operations. That case prompted US and Canadian authorities to issue official warnings about ransomware. This came just after the FBI issued a warning to companies not to pay any ransomware demands.
