OVER A QUARTER of the 430 local councils around the UK have fallen victim to some kind of ransomware according to a study based on a Freedom of Information Act (FOI) request conducted by security firm Barracuda.
115 councils (27 per cent) said they had been victims of security ransoms, while 43 per cent said they hadn't.
Most worryingly, the remaining 30 per cent said they didn't know if they had been or not as their IT had been outsourced to private contractors.
Many of the councils said that they had not paid the ransom, but simply restored their data from a backup. 70 per cent of councils say they back up data with the remainder being the same 30 per cent who outsource.
The survey estimates a total of 27,604 terabytes of data are being stored by local councils, with 64TB being the average per council. This will include a significant amount of data about its constituent citizens.
Chris Ross, SVP of International at Barracuda Networks commented: "While it's promising that the majority of councils affected were able to remediate ransomware attacks quickly due to their backup system working correctly, it's still disappointing that so many of them fell victim to ransomware in the first place."
Last week it was revealed that England and Wales' second biggest police force, Greater Manchester, still runs Windows XP on one-in-five PCs whilst the Metropolitan Police continues to run XP on a variety of machines - leaving both open to ransomware such as WannaCry, despite emergency patches being released by Microsoft.
This new survey is the latest to show a disconnect between security and safety of public data and those in charge of protecting it.
Data suggests that in the event of a ransomware attack on a public body such as the police force, 49 per cent of respondents believed that the government should be made to pay the ransom. This is despite the fact that in many cases, the object of ransomware is not actually raising money, but state sponsored actors trying to destroy data.
Similarly, the NHS relies heavily on outdated security measures for its services, and whilst most of them are "offline" there is concern that lifesaving equipment such as life support systems could accidentally be compromised in an attack. µ
You can't fault them for speed
Investigation reveals that malicious code was injected into the firm's payment page
Plus the three-for-free
And it's not just on Ubuntu, neither