Ransomware (FOI)

​Request

My request is about so-called "ransomware", a type of computer malware which makes user data inaccessible using an encryption key known only to the attacker, who then demands payment from the user to restore access to the data.

A
Have any States of Jersey computers ever fallen victim to this type of attack and if yes, how many times has this occurred and which departments were affected?

B
Has payment ever been made to an attacker and if yes, how much was paid per incident?

C
Have the States ever paid an attacker to restore access to files, and not successfully obtained the decryption key?

D
Do the States have an official policy regarding "ransomware" payments and if yes, what is it please?

Response

A
There has been one spate of three incidents on three separate machines from 26 February 2016 to 4 March 2016 - all the same variant of ransomware.

This affected only the Ambulance service and impact was limited to staff roster information being unavailable for approximately four hours whilst the incident was contained, investigated and finally data restored from backups.

During these incidents there was no impact to service provision to patients.

B
No payment has ever been made.

C
N/A

D
There is no offical policy regarding ransomware.