Two years ago the local authority for the Outer Hebrides suffered a cyber incursion that impacted delivery of frontline services and resulted in costs of hundreds of thousands of pounds
A report into a cyberattack on a Scottish council has found that the organisation had not properly prepared for such an event.
A new report from Scotland’s accounts commission finds that, while Comhairle nan Eilean Siar – also referred to as Western Isles Council – did take swift action to protect its systems following a ransomware assault in 2023, it had not adequately prepared for a potential attack.
The review found that the impact of the attack was immediate, crippling the council’s ability to function and resulting in the near total loss of the data held on the council’s file share servers. The attack was identified as a sophisticated ransomware attack where attackers had installed malware onto the council’s system that encrypted and removed access to the council’s systems and data. The report does note that the council “escalated the issue appropriately” when it was discovered, meeting regularly and ensuring that a temporary website was available for constituents.
As a result of the attack, various services were affected, leaving users unable to access critical services like paying council tax. The report said the impact of the disruption is still being felt, as some services like housing benefit are still recovering and dealing with significant backlogs.
“Both the auditor and the i
TPRM report: https://www.rankiteo.com/company/comhairle-nan-eilean-siar-recruit
"id": "com1764299411.857938",
"linkid": "comhairle-nan-eilean-siar-recruit",
"type": "Ransomware",
"date": "2023-01-01T00:00:00.000Z",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': None,
'industry': 'Public Sector',
'location': 'Outer Hebrides, Scotland, UK',
'name': 'Comhairle nan Eilean Siar '
'(Western Isles Council)',
'size': None,
'type': 'Local Authority / Government'}],
'data_breach': {'data_encryption': 'Yes (malware encrypted '
'council systems and data)',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'date_detected': '2023',
'description': 'A sophisticated ransomware attack on the local '
'authority for the Outer Hebrides (Comhairle nan '
'Eilean Siar / Western Isles Council) in 2023 '
'crippled frontline service delivery, resulted in '
'the near-total loss of data on file share '
'servers, and incurred costs of hundreds of '
'thousands of pounds. The council had not '
'adequately prepared for such an event, though it '
'responded swiftly post-attack by escalating the '
'issue, holding regular meetings, and setting up '
'a temporary website. Services like council tax '
'payments and housing benefits were severely '
'disrupted, with some backlogs persisting.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Near-total loss of data on file '
'share servers',
'downtime': None,
'financial_loss': 'Hundreds of thousands of pounds',
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': 'Crippled ability to function; '
'disruption to frontline '
'services (e.g., council tax '
'payments, housing benefits)',
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': ['File share servers',
'Critical service systems (e.g., '
'council tax, housing '
'benefits)']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed (per Accounts Commission '
'report)',
'lessons_learned': 'The council had not adequately prepared for '
'a potential cyberattack, highlighting gaps '
'in incident preparedness and resilience '
'planning.',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': ['Lack of adequate '
'preparation for '
'cyberattacks',
'Insufficient '
'resilience '
'planning']},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Scotland’s Accounts Commission Report',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': ['Escalation of issue',
'Regular meetings',
'Temporary website for '
'constituents'],
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Ransomware Attack on Comhairle nan Eilean Siar '
'(Western Isles Council)',
'type': 'Ransomware Attack'}