Malware Strikes Computers of Lincolnshire Council with a Demand of 1 Million Pound

The website of Lincolnshire County Council has been down due to ransomware attack, which is demanding 1 Million Pound. The malware infected online systems of the council as well as its public-facing website, and encrypted all files and announced that it would not decode these files unless they receive ransom money from the council. The local authority was infected when a user opened an email, which allowed the malware to attack its computer systems. Lincolnshire says that systems have now been restored, and no data was stolen during the attack.

Official of Council tweeted on 31st January, 2016, which read: "After a malware attack, the bulk of our systems will be restored online by tomorrow morning and no data has been stolen. Thank you".

Although sites were closed down, the council claimed that only few files were encrypted by the malware and confirmed that the website would be restored again early this week. Itpro.co.uk posted on 1st February, 2016, stating that everything seems to be working normally at the time of writing. Having confirmed it as a zero-day attack, the authority said that unfortunately they were the first organization to have been targeted with this specific malware, and that security experts were not aware of this type of ransomware before.

The malicious software attack started in the afternoon of 26th January, and held huge volume of the council's data at ransom. There is no guarantee that the hacker will decrypt the data even after receiving the ransom amount, and hence, bogus-blackmailing and demand for ransom will continue. Organizations cannot protect their endpoints by only depending on antivirus. More advanced techniques are required. Whitelisting, by which a threat is gauged from a set of theories and familiar individuals to look for a likely problem, can help to discover this kind of malware even if it has never surfaced before.

This should be then joined with large threat intelligence, where you can see if a selective file has ever been before. If it is not seen, then it might be zero-day and dangerous. This enables organizations to become keen about security and escape falling into this kind of trap.

» SPAMfighter News - 2/10/2016