UK councils are proving a tempting target for ransomware attacks, with more than a quarter (27%) having fallen victim according to the findings of a Freedom of Information (FoI) request – issued to 430 UK councils – from Barracuda Networks, a provider of cloud-enabled security and data protection solutions.
The 27% of respondents who admitted to being a victim of ransomware, equates to 115 councils.
>See also: Only half of local authorities are prepared for a cyber attack: surprised?
43% also said they hadn’t been successfully attacked by ransomware, while the remainder (30%) didn’t respond due to their IT services having been outsourced.
Of those affected, 99% did not pay the ransom. Just one UK council admitted to paying to release their data, but did not disclose how much this fee was.
Many councils affected by ransomware did not pay as they had backed up their data. Almost three quarters (70%) of respondents said they have a backup system in place.
>See also: AI-driven: the journey into the cloud for Aylesbury Vale District Council
Again, the remainder (30%) likely didn’t respond due to their IT services being outsourced. No councils admitted to not having a backup system in place.
As the UK public sector continues its cost saving push towards bringing ever more services online, the amount of data being stored and the risk posed to that data both increase.
With councils now backing up in excess of 27,604 terabytes (TB) collectively, and each council backing up 64 TB on average, it’s clear there’s an increasing amount of citizen data held by these organisations that needs protecting.
>See also: UK public libraries to become a ‘single digital presence’?
Chris Ross, SVP International at Barracuda Networks commented: “While it’s promising that the majority of councils affected were able to remediate ransomware attacks quickly due to their backup system working correctly, it’s still disappointing that so many of them fell victim to ransomware in the first place.”
“Although having a backup system has undeniably helped many organisations to avoid paying the ransom, backup should not be their only means of defence. With the new European Union (EU) GDPR around the corner, the UK public sector needs to ensure it employs a cyber security strategy that protects all attack vectors and surfaces to keep citizen data safe and avoid the upcoming large fines for data breaches.”