Some local authorities reported being bombarded with thousands of spam emails and receiving ransom demands to decrypt data.
Freedom of Information requests showed 19 of Scotland’s 32 councils experienced either attempted or successful attacks since 2014.
Ransomware attacks were reported by 14 local authorities, sometimes on multiple occasions.
Four councils refused to reveal any information, with two fearing doing so would leave them vulnerable to future attacks.
Of the incidents logged by 19 councils, only nine authorities reported any of them to police, although no data was stolen or lost.
The investigation revealed Scottish local authorities were subject to more than 50 notable incidents in the past three financial years with Aberdeen City Council one of the hardest hit (2014 and 2017, it suffered 12 successful cyber attacks, including six ransomware incidents, having its webpage defaced and recording more than 15 million attempts, including intrusion threats, spam, web risks and viruses, in the last eight months of 2016).
- Highland Council targeted 953 times (including two partially-successful ransomware attacks)
- East Lothian Council received more than 415,000 unsuccessful spam emails
- Perth and Kinross Council reported blocking an average of 1.2 million spam emails every month
- Falkirk, Glasgow City, North Ayrshire and Dumfries and Galloway councils refused to disclose any details
- Dundee City Council was on the receiving end of three ransomware attacks
- North Lanarkshire Council had two malware incidents in 2015 and three ransomware in 2016
- Edinburgh City Council reported nine incidents, including malware preventing access to systems, a sustained denial of service (ddos) attack, and malware being installed and copied
- 11 of Scotland’s health boards were affected by the WannaCry attack in May which affected the NHS network across the UK
- NHS Fife logged 693 attempted malware attacks
- NHS Lanarkshire reported 51 attempted or successful attacks and NHS Greater Glasgow
- NHS Clyde was subject to four cyber breaches in 2016, where files became inaccessible after being encrypted by ransomware. In all cases, data was recovered and the ransom was not paid
- NHS Tayside reported up to 7,000 attempts every month including ransomware
- Dumfries and Galloway, Shetland and the Borders health boards said they had no attempted cyber attacks. No board reported losing data.
In the overwhelming majority of cases the breach affected limited areas of the public body’s network, with swift action taken to contain and repair systems and no patient data lost or compromised. The fact that a wide range of measures are taken to ensure basic security standards are met means that losses and fallout are mitigated.
A spokesman for local authority umbrella body Cosla said: “We fully recognise how important our cyber security is and we are doing everything we can to safeguard councils against such attacks.”
Detective Inspector Eamonn Keane from Police Scotland’s cyber crime unit, added: “Cyber crime has witnessed significant growth. The cyber threat to Scotland is indicative of that local, national and international threat applicable to all regions in the UK. We always encourage anyone who thinks they’ve been a victim of cybercrime to come forward and report it to police.”
We at Cyber Security Helpdesk would always agree with this best practice advice. We would also suggest that following a Cyber Attack the appropriate personnel and partners are enlisted to (a) fight the attack, (b) repair systems, (c) ensure that business continues as normal.