A council is facing costs of over £500,000 after an employee
released a
Conficker D virus on to its network.
An infected USB stick was plugged into a PC on May 14th this
year, and the virus quickly infected large swathes of the Ealing
council's network. The network had to be shut down, infected PCs
were rebuilt, and 200 devices had to be replaced.
Some services took weeks to re-instate, leaving Ealing with a
bill of £501,000, according to a report released yesterday.
Eradicating the virus cost £75,000, replacing broken PCs cost
£120,000 and staff overtime cost £7,000.
Delays in processing parking tickets meant £90,000 of revenue
was lost. Overtime, emergency IT support and lost income cost
another £39,000.
Ealing Homes lost £170,000 in overtime, increased repairs costs
through an inability to process invoices and increased rent
arrears.
The council is also looking at an upgrade to Windows XP, which
gives increased security. This could cost a further £500,000.
It has introduced a new policy on removable devices such as
USBs, which must now all be registered with the council and
encrypted.
It said, "There are lessons learned from the way the incident
was handled in terms of co-ordination and communication. However,
although the approach taken in cutting network connections to
remote sites and the internet caused difficulties in restoring
services quickly, it certainly helped protect our core systems and
data. No data was corrupted or damaged by the virus." It said
server infrastructure was also unaffected.
A council spokesman said, "Ealing Council's computer and
telephone network was attacked by a sophisticated virus. The
council acted immediately to protect all data and ensure that
essential frontline services could continue to operate.
"Costs to the council included urgent work to recover computer
systems and prevent the virus from spreading."