In 2016, Lincolnshire County Council suffered a malicious software (ransomware) attack that led to a week-long shutdown of the council's IT systems while the authority investigated the malware's impact.
A member of staff opened a malicious email attachment (a zip file) at about 9.30am, but the incident was not reported until midday. By then, increased activity on network file stores had been identified and the true severity of the incident was recognised. The IT systems were shut down to prevent further damage while the precise nature of the threat and the appropriate corrective action were identified.
This was described as a “zero day” attack in the sense that this particular malware was not yet known to the security industry, so existing defences did not recognise it. A ransom demand was presented on screen: $500, payable in bitcoin, for each affected device. The malware encrypted files, preventing access to every file it reached.
The email that introduced the malware reached 300 users, and over 47,300 files had been encrypted by the time the shutdown was in place. Containment action limited the damage. Staff were left with pens, paper and telephones, and business continuity plans were activated.
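The signal that finally exposed the incident was a surge in activity on the network file stores, some two and a half hours after the attachment was opened. The added example below (not code from the council or its technology partners) shows the kind of detection that turns that signal into an alert within seconds rather than hours: a sliding-window count of distinct files written or renamed per user on a file server, with an alert once a user modifies an abnormal number of files in a short window. The audit-log format, the user names, the window and the threshold are all assumptions constructed for illustration; the log itself is synthesised inside the block, with one user editing documents at a normal pace and one user rewriting and renaming hundreds of files a minute, roughly the rate implied by 47,300 files in two and a half hours.

```python
"""Sliding-window detection of bulk file modification on a network file store.

Added example, not from the Lincolnshire County Council report: the audit-log
format ("<ISO timestamp> <user> <action> <path>", paths without spaces), the
user names, WINDOW and THRESHOLD are assumptions chosen for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed sliding window per user
THRESHOLD = 50                   # assumed: distinct paths modified per window


def parse_line(line):
    """Split one audit line into (timestamp, user, action, path)."""
    ts, user, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, action, path


def detect_bulk_modification(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {user: (first_alert_time, distinct_paths_in_window)} for each user
    whose distinct WRITE/RENAME targets within `window` reach `threshold`.

    `lines` must be in time order; reads are ignored because encryption shows
    up as writes and renames, not reads.
    """
    recent = defaultdict(deque)   # user -> deque of (ts, path), oldest first
    alerts = {}
    for line in lines:
        ts, user, action, path = parse_line(line)
        if action not in ("WRITE", "RENAME"):
            continue
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold and user not in alerts:
            alerts[user] = (ts, distinct)    # alert once, at first crossing
    return alerts


def blast_radius(lines):
    """Distinct paths written or renamed per user over the whole log: the
    number of files a shutdown would have to be measured against."""
    touched = defaultdict(set)
    for line in lines:
        _, user, action, path = parse_line(line)
        if action in ("WRITE", "RENAME"):
            touched[user].add(path)
    return {user: len(paths) for user, paths in touched.items()}


def constructed_log():
    """Synthesised audit log (constructed, not real data).

    alice: one document saved every five minutes for an hour.
    bob:   from 09:30, 300 files each rewritten and renamed within 2.5 minutes,
           i.e. the pattern of a file-encrypting malware running under his account.
    """
    base = datetime(2016, 1, 26, 9, 0, 0)
    lines = []
    for i in range(12):
        t = base + timedelta(minutes=5 * i)
        lines.append(f"{t.isoformat()} alice WRITE /shares/minutes/doc{i}.docx")
    burst = base + timedelta(minutes=30)
    for i in range(300):
        t = burst + timedelta(milliseconds=500 * i)
        lines.append(f"{t.isoformat()} bob WRITE /shares/finance/file{i}.xlsx")
        lines.append(f"{t.isoformat()} bob RENAME /shares/finance/file{i}.xlsx.locked")
    lines.sort(key=lambda l: parse_line(l)[0])   # stable: keeps WRITE before RENAME
    return lines


if __name__ == "__main__":
    log = constructed_log()
    for user, (when, count) in detect_bulk_modification(log).items():
        print(f"ALERT {when.isoformat()} {user}: {count} distinct files modified in {WINDOW}")
    print("files touched per user:", blast_radius(log))
```

With these constructed inputs the alert for `bob` fires at 09:30:12, twelve seconds into the burst, while `alice` never crosses the threshold. In practice the threshold needs tuning against the file server's normal baseline (backup agents and migrations also touch many files quickly), and the alert should feed a response that can isolate the host or disable the account, since the page's figure of 47,300 files shows how much is lost in the gap between the first signal and the shutdown.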
- 24 x 7 IT activity for the council and its technology partners for six days.
- Co-ordinated management of business priorities and IT activity at several levels
- Communication challenges
- Staff resilience and flexibility
- Catching up
- Valuable media support
- The downtime proved a valuable exercise and resulted in a commitment to review the communication cascade regularly
- External validation of your approach is valuable
- Wide range of stakeholders
- How strong is your information governance?
- Consider the financial impact
- Embrace the press.
- Is cyber security on your corporate or strategic risk register?
- How good is your information governance awareness?
- Can your organisation communicate effectively without IT?
- What would your staff do for five days without IT?
- How would your service users be affected?
- Do your contracts include appropriate provisions?
- What would it cost your organisation?
- How would you close down your IT?
- Do your Services and your IT function understand each other?
- Are your business continuity (BC) plans based on an understanding of realistic IT recovery times?
- What are your BC plans designed to deal with, and what do they leave out?
- Do you know if they will work?