Lincolnshire County Council Recovers From Ransomware Attack


The council shut down its systems for most of last week after being hit by a ransomware attack

Lincolnshire County Council said it has restored its systems following a malware attack that forced it to revert to pen and paper for most of last week.

“Following a malware attack, the majority of our systems will be back online by tomorrow morning,” the council said in a Twitter post on Sunday, adding that no data was compromised. The council later confirmed in a separate statement that its systems were back online.


Lincolnshire County Council shut down its IT systems on Tuesday when it detected the attack, which was triggered when a member of staff opened a malicious attachment in an email.

The zero-day attack exploited a previously undiscovered vulnerability, meaning up-to-date security systems were unable to defend against it, the council said.

The malicious attachment launched a ‘ransomware’ program that encrypted files and demanded $500 (£350) in Bitcoins as payment to restore the data. No data was accessed by the attackers, the council said.

The council said it had shut down its systems as a precaution to prevent the malware from damaging more files. Four hundred fifty-eight servers and 70 terabytes of data were scanned to ensure their integrity, the council said.

While systems were down, staff reverted to telephone contact and pen and paper, according to council chief information officer Judith Hetherington-Smith.

Many of the affected files were available from back-ups, she said.

No data accessed

Around 300 computers were affected, with services such as the booking of local transport services and library computer access impaired, according to the council.

Lincolnshire police said there was no evidence data was extracted from council systems and that they are investigating the incident.

The council did not consider paying the ransom, according to Hetherington-Smith.

Security experts warned in December that one in ten ransomware emails now target the UK, as attackers look to continue the success of such attacks in 2015.

Such attacks include Android.Lockdroid.E, which locks a user’s Android smartphone and threatens to send browsing history to the user’s contacts, and Lockerpin, which alters a phone’s PIN lock function, stopping users from accessing their device.

Are you a security pro? Try our quiz!

Click to read the authors bio  Click to hide the authors bio