North Dorset District Council in England's southwest is working with police to identify the source of a ransomware infection in this week.
It is the latest outbreak of file-scrambling malware in what IT security experts believe to be a growing problem for local authorities in the UK.
More ReadingCyber-crooks now prefer ransomware to botnets. Yep, firms are paying upFirst working Apple Mac ransomware infects Transmission BitTorrent app downloadsReinvented ransomware shifts from pwning PC to wrecking websitesOnline crims delight in watching you squirm, says MandiantPay up, Lincolnshire, or your data gets it. Systems still down after ransomware hits
According to an email seen by The Register, the attack had infected 6,000 files on the council's servers by Tuesday.
However, the council said yesterday evening the problem had been fixed.
Councillor Graham Carr-Jones, deputy leader of North Dorset District Council, said: “The ‘ransomware’ attack was quickly detected by our security systems and action was taken to minimise the impact on our systems. No customer data was compromised.
“The council has not made, and will not make ransom payments in such circumstances. We are currently working with other public sector agencies, including the police to identify the source.”
It follows an attack on Lincolnshire County Council last month leading it to turn off all of its networks' computers.
The council eventually got its IT back up and running after attackers demanded a £350 Bitcoin payment.
Mark James, security specialist at ESET, said that many public sector bodies are sitting targets for attackers due to the nature of the data they hold and the cost constraints of upgrading all their systems.
"We hear about healthcare a lot, which is particularly serious because if those systems go offline we're not just talking about malicious software, but peoples' lives," said James.
He added that with more sophisticated encryption targets have little choice between restoring their systems from a backup or paying the ransom.
Eddy Willems, security specialist at G-Data, said attackers were deliberately targeting organisations which appear more likely to pay the ransom to get back online. "Some of these organisations do not have the latest backup [systems] installed," he said.
"We are seeing an increase in the amount of ransomware than previously – there has been an evolution in what's available and will become an even bigger problem in the next year," he added.
Willems concluded that the ransomware problem is not that difficult to stop, providing organisations have the correct security measures in place. ®