Cheltenham Council recovers after major malware strike

Unidentified malware causes IT outages
  • John E Dunn (Computerworld UK)
  • — 03 December, 2012 18:12

Cheltenham Borough Council is recovering from a major malware attack that caused disruption to services including online Council Tax payments and the recent Police and Crime Commissioner elections.

According to the local press, the problem was first detected as early as 31 October but it took the Council a week to realise the extent of the infection, when staff decided to undertake a complete scan of systems.

The resulting IT disruption reportedly caused the Council's online Council Tax system to become unavailable for three days and caused a communication glitch that delayed counting of ballots cast by citizens in the outlying town of Stroud during the Police and Crime Commissioner elections.

Staff were also unable to access email and internal systems for three days, the Council has confirmed.

The malware that caused the issue has not been identified and will probably never be made public. The effectiveness of the installed antivirus software will come under scrutiny, but the press report stated that "new" - probably updated - antivirus software was eventually able to spot "numerous new viruses" on Council computers.

No sensitive data is said to have been compromised during the attack with the Council declaring itself "virus free" after several weeks of close monitoring.

The Council had taken "immediate action to secure data and there were no breaches," resources head Mark Sheldon reportedly told an internal committee.

The Council fielded a range of questions relating to the incident during an Overview and Scrutiny committee meeting, including why the installed antivirus software had not picked up the infection earlier.

"The council is now virus free and our ICT systems are stable. It was a very challenging period but staff from within the council, supported by colleagues at Forest of Dean district council, did an amazing job in dealing with the virus quickly and minimising the disruption to staff and our customers," Sheldon added.

"I am concerned about the knock-on effect of this on future budgets because anti-virus measures are expensive," commented Conservative councillor Andrew Wall.

"Also, what are the reputational damages that Cheltenham Borough Council has suffered? We have invested a lot of money in this [security] and it doesn't look like something that has paid us back sufficiently."

Details of malware infections in the UK public sector are rarely publicised and local authorities are under no obligation to report incidents they deem have no data protection implications.

A rare exception was a 2009 incident in which Ealing Council in London was hit by a Conficker variant, an incident that caused significant costs and disruption to services.

Tags: security, public sector

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.
