COMPUTER SCAMMERS ATTEMPT TO HOLD VALE COUNCIL TO RANSOM

The Vale of Glamorgan Libraries Service has scores of computers

It’s been revealed that the Vale of Glamorgan Council’s Libraries Service had to be disconnected from the council’s mainframe computer system for two days in February because of what’s described as a “security incident” – a virus in its computer system.

It’s reported that the “malware” [a piece of software designed to disrupt any computer system into which it’s ingested] was “accidentally downloaded from an infected website”.

The identity of the “infected website” which had been accessed – presumably in contravention of council regulations – is not given, nor is it explained how such an illicit website could have been accessed by Vale Council computers. Such infections can also be picked up by opening unverified email attachments.

Whatever the source was, the downloaded malware created havoc by encrypting files containing council data and then locking them – making them inaccessible to council staff. The council says “the infection was contained within the Libraries [service] which had to be taken off the network for two days”.

The screen message which accompanies the "Locky" ransomware trojan. It means "pay up or you won't see your files again".

An increasing amount of computer malware is now “ransomware” – which attempts to extort a ransom from public authorities and companies by promising to send a de-encryption code on receipt of a payment. Often, however, if payment is made, nothing happens and the files remain locked-out.

Scammers demanded £1,000,000 from Lincolnshire County Council to unlock its own computer files

Already this year, Lincolnshire County Council’s computer systems had to be shut down for a week as the council held out against paying a £1,000,000 ransom demanded by the scammers – who demanded payment in the virtual currency Bitcoin.

It’s not yet been confirmed that the Vale Council’s IT security breach was caused by ransomware, but informed PDN sources say that it’s highly likely. The main reason for distributing trojans and malware is to extort money.

One of the biggest current threats is “Locky” ransomware – said to be a version of an earlier version called Dridex which affects Microsoft Word documents.

Vale IT engineers had to abandon the files which had been locked and encrypted by the rogue virus and resort to re-loading all the original data from back-up copies – a process which took 48 hours.

 

 

About NewsNet

Penarth Daily News email address dmj@newsnet.uk . Penarth Daily News is an independent free on-line fair and balanced news service published by NewsNet Ltd covering the town of Penarth in the Vale of Glamorgan, Wales, UK. All our news items are based on the information we receive or discover at the time of publication and are published on the basis that they are accurate to the best of our knowledge and belief at that time.

6 Responses to COMPUTER SCAMMERS ATTEMPT TO HOLD VALE COUNCIL TO RANSOM

  1. Mark Foster says:

    FYI as a public service announcement:

    The main problem with Windows operating systems which the Vale of Glamorgan are probably running are 1) an attacker can update Windows files without privileges or without a root password, thus enabling the criminal unwanted encryption of your personal files 2) Windows is by far the most popular operating system, which is why it is attacked more by criminals.

    The only solutions are 1) to make backups of all your files to be re-installed should they become encrypted or 2) to install an operating system which does not allow attackers to update your files without privileges or without a root password. Such an operating system is Linux, which is free, sophisticated and relatively easy to install on your PC in place of Windows. Linux also automatically updates itself from secure software repositories and any external attacks are quickly identified and negated by the Linux community. There has never been a significant virus attack on Linux.

    Infection is likely to come from downloading files from an infected site, often videos from a porn site, or by opening infected disguised email attachments like EXE or Word files in emails either in your spam folder or in an email which has by-passed your spam filter.

    The criminals charge typically several hundred pounds to provide the password to restore your files, and this price escalates rapidly over time if you won’t pay. Provision of the password is said to have cost some Californian hospitals $3.6 million (payable in untraceable bitcoins). There is no solution other than paying to get the password, or restoring your files from a backup as the Vale of Glamorgan had to do.

    In today’s climate, these public and private institutions have a duty to move into secure operating systems as a matter of urgent priority. It is a big job, but I do not understand why they do not do it.

    • 733t says:

      Hi Mark. InfoSec professional who takes issue with some of this.

      An attacker cannot update files without privileges to do so. Files have access control lists. An attacker has to somehow obtain privileges to make changes, e.g. via a virus that exploits a vulnerability and provides user/admin access. Running applications in the wrong context can exacerbate this problem, e.g. Internet Explorer as an admin in Windows, or Firefox with root privileges in Linux. Windows no longer automatically runs apps with admin privileges without user authorisation.
      Linux vulnerabilities exist and are exploitable, e.g. Shellshock. Linux being virus free is a myth; run clamav as a minimum.

      Bitcoin is completely traceable; the ledger is public. However, using a tumbler and ensuring funds are not withdrawn from an exchange that requires any KYC checks makes it hard to attribute a particular wallet to an individual.

      Institutions have a responsibility to ensure data is secure and available; a range of OS and controls achieve this. There is no perfect solution and the only secure system is one that is not connected to anything else and that no one can actually use, i.e. the closer you move towards complete security the less functionality and less easily the system is used. It’s a balancing act based on risk appetite.

  2. Peter Church says:

    I totally agree, have been using Linux Mint for years without any anti-virus software.
    I have come to the conclusion the virus creators and anti virus writers are two sides to the same coin!
    The Vale Council are amateurs at running an actual council, what hope have they when it comes to IT?

  3. sjleworthy says:

    Linux will never ever be adopted by a County Council. Windows is perfectly acceptable with proper security in place and respect for how to use it.

  4. Malwarebytes is simple and free to install and surprisingly effective in the removal of malware. I have been using it for years after advice from an IT professional; but am amazed how many people are unaware of its existence. I’ll not include a link to it here, but would suggest people look it up. Similarly, I am not associated with malwarebytes or any other software company – but do like to share good tips when I can.
