Monday, 1 February 2016

Zero Day Ransomware?

There was a major Ransomware incident at Lincolnshire County Council in the United Kingdom at the end of January.  Of interest because it is being reported as a “zero day exploit” - ie using a previously unknown security flaw.  The BBC report is here:
http://www.bbc.com/news/uk-england-lincolnshire-35443434

The register.co.uk website has a few more details:
http://www.theregister.co.uk/2016/01/28/lincolnshire_council/
quoting a council spokesperson as saying that 300 computers were hit by the ransomware.

The details are quite sketchy, but if this is a zero day ransomware exploit that has been able to impact 300 computers on the council’s network, then the implications are scary.  The CryptoLocker/CryptoWall ransomware variants do not (yet) try to exploit vulnerabilities to attempt to replicate themselves.  Lincolnshire County Council will be doing CIO’s the world over a favour by releasing details.

No comments:

Post a Comment