In an unlikely hack attack, a town council in Devon is being held to ransom after hackers stole an allotment waiting list.
Entry was gained by a John Vanderwolfe, the town clerk opening a ransomware infected file attached to a phishing email, which infected the council computer and network. Allowing attackers to acquire and scramble files including personal information relating from allotment waiting lists, local residents, to sensitive budgetary information.
The ransomeware hack encrypted and password protected the council’s files into, meaning they are unreadable. In order for the files to be retrieved, the hackers demand that Tiverton Council handover £3,000, or face losing the data for good. Hackers often upload the information to the dark web and sell the sensitive information on to identity fraud criminals.
He said, “It’s a lesson to us all. The virus was horrible and now all of our documents are encrypted. Instead of Word for example, it comes up with gobbledygook. In hindsight you think back and think ‘well why the hell did I do that’, but you just come through in the morning and open your emails. The police have told local people to be very careful, but I was told even if I had the most sophisticated anti-virus software we would still have been unable to stop it. They said that even the FBI have fallen victim to this one.”
A spokesman of Devon & Cornwall Police Force had also warned other local councils of the threat, to ensure their online security is capable of dealing with future attacks.
While ransomware attacks are gaining popularity among cyber criminals, it's very easy to protect against. Making sure your team are cyber-security trained and have up to date information on how the latest phishing attacks work coupled with active social engineering penetration tests make sure staff are aware that there in an active threat. Other prevention methods include secure back-ups and making sure sensitive data is protected by correct usergroup privileges.