As reported by the BBC, a gang demanded an £800,000 Bitcoin ransom in a cyber attack on a firm owned by Kent County Council, and leaked its data on the dark web. Kent Commercial Services (KCS) delivers services and supplies to public authorities, including protective equipment during the Covid-19 crisis. No ransom was paid and no personal data relating to taxpayers was stolen,
Stolen data that went on the dark web contained business and corporate information relating to business activities of KCS, based in Aylesford. It took the company over four weeks to get the majority of systems back online with additional security, with remaining systems going live in the next two weeks.
Ransoms should never be paid, but this highlights the length of time organisations take to get back up and running without the proper infrastructure in place. It’s a huge dilemma for anyone once in the situation where the systems are encrypted, and there’s no easy route out. The ransoms are usually eyewatering and even a day without network is painful.
Cyber criminals increase the likelihood of organisations paying out by leaking some of the compromised data to show them they mean business. This in turn risks discussions with the ICO, separate cyberattacks and further ransomware attacks from different threat actors.
Rather than wait to be an inevitable target, organisations must batten down the hatches and carry out full risk assessments on their networks to discover any vulnerabilities before cyber criminals take advantage of them. In particular, a number of UK councils have been targeted lately and this will continue until they buck the trend and defend their systems.