Cryptolocker Virus Attack

Just after 11 am yesterday (Wednesday), Council’s computer systems were attacked by a crypotolocker virus variant which was so new that it was not recognised by our protection software. 

The virus uses a host desktop device to target file-sharing software, encrypting any files it gains access to. As soon as the attack was detected, we began shutting down our systems to limit the damage and prevent the virus spreading. Our IT and external support staff have worked around the clock to identify and cleanse our systems of infected files and progressively restart them as they were confirmed to be safe.

We believe the situation has been contained and that we will have all of our essential systems back in operation in a relatively short timeframe. However, we are taking extreme precautions and monitoring all activity exhaustively to ensure that anything unusual is immediately detected. If that process throws up anything suspicious, the system involved will be immediately shut down and the symptoms investigated.

Key Messages

  • We believe the virus was contained within our systems and not passed on. 
  • The forensic investigation into this attack has not been completed, and we have yet to determine how the virus was introduced. It is likely to have been via an email carrying a link to a hostile site, or an infected attachment. Should you receive any email which refers to a resume or CV in the title, treat it with the utmost suspicion.
  • Our protection systems have been updated to prevent re-infection. Our email system also now carries a greater range of mail blocking measures.
  • Anyone who completed any transactions with the Council on Wednesday is asked to contact our Customer Services team and provide details, as there is a chance that the record of that transaction may have been lost.

We apologise for any inconvenience or delays this situation may have caused. Our first priority has been to limit damage and prevent the virus spreading. The degree of caution involved has made this a time-consuming process, but as a result, we have a high degree of confidence that when our systems are fully reinstated, all potential issues will have been recognised and dealt with.

If any information of relevance to our external stakeholders is discovered through the forensic process now underway, we will communicate that without delay.  


First posted: 

Thursday, 26 March 2015 - 5:52pm