It took six days for Lincolnshire city officials to resume normal activities after a ransomware infection locked up City Council computers last Tuesday, January 26, 2016.
Initial reports from local newspaper The Lincolnite said that the ransomware authors were requesting payment of £1 million ($1.43 million) to unlock the affected computers.
The newspaper corrected its reporting four days later, after city officials had a chance to investigate the issue in depth, and said that the ransomware's authors were only asking for the equivalent of $500 in Bitcoin.
Ransomware infection affects several local services
The ransomware, which arrived via spam email, locked up several computers and the associated data, causing outages in the various local services that depended on it.
The Lincolnshire services that had to alter their normal operations include the Lincolnshire Fire and Rescue Department, the CallConnect rural bus service, public libraries, and social service workers who had to return to filling in forms by hand.
As soon as the infection was detected, City Council officials called local police officers to help with the investigation. The IT network was also taken offline to prevent further damage, and the affected computers were isolated.
Services were restored to normal this morning
This past Sunday, city officials announced that their IT system would be brought online this Monday morning.
Officials did not say which ransomware strain infected Lincolnshire City Council computers, but they specifically said it was not CryptoLocker, a famous crypto-ransomware that was one of 2014’s most widespread ransomware families.
A similar incident happened in India, where the LeChiffre ransomware infected hundreds of computers in the IT networks of three banks and a pharmaceutical company, encrypting files and requesting 1 Bitcoin per computer, amounting to a total ransom that ran into millions of dollars.
Emsisoft's Fabian Wosar cracked the ransomware's encryption algorithm a few days later and created a decrypter that allowed victims to recover their encrypted files for free.
The Customer Service Centre is still running a limited service due to a malware attack. Please only call if absolutely necessary. Thanks
— Lincs County Council (@LincolnshireCC) January 28, 2016
LFR are currently unable to receive incoming emails. If you have a service request contact 01522 582222 or in an emergency dial 999.
— Lincs Fire & Rescue (@LincsFireRescue) January 28, 2016
Due to the ongoing I.T outage, we can only provide a same day service on Sat. Tel: 0345 2343344 from 8am @LincolnshireCC @BBCRadioLincs
— CallConnectBus (@callconnectbus) January 29, 2016
We are working with Lincolnshire County Council following a malware attack: https://t.co/qhwPRC6faw
— Lincolnshire Police (@lincspolice) January 29, 2016
Following a malware attack, the majority of our systems will be back online by tomorrow morning. No data has been stolen. Thank you
— Lincs County Council (@LincolnshireCC) January 31, 2016