Virus attack costs Ealing Council £500,000

A council is facing costs of over £500,000 after an employee released a Conficker D virus on to its network.

A council is facing costs of over £500,000 after an employee released a Conficker D virus on to its network.

An infected USB stick was plugged into a PC on May 14th this year, and the virus quickly infected large swathes of the Ealing council's network. The network had to be shut down, infected PCs were rebuilt, and 200 devices had to be replaced.

Some services took weeks to re-instate, leaving Ealing with a bill of £501,000, according to a report released yesterday.

Eradicating the virus cost £75,000, replacing broken PCs cost £120,000 and staff overtime cost £7,000.

Delays in processing parking tickets meant £90,000 of revenue was lost. Overtime, emergency IT support and lost income cost another £39,000.

Ealing Homes lost £170,000 in overtime, increased repairs costs through an inability to process invoices and increased rent arrears.

The council is also looking at an upgrade to Windows XP, which gives increased security. This could cost a further £500,000.

It has introduced a new policy on removable devices such as USBs, which must now all be registered with the council and encrypted.

It said, "There are lessons learned from the way the incident was handled in terms of co-ordination and communication. However, although the approach taken in cutting network connections to remote sites and the internet caused difficulties in restoring services quickly, it certainly helped protect our core systems and data. No data was corrupted or damaged by the virus." It said server infrastructure was also unaffected.

A council spokesman said, "Ealing Council's computer and telephone network was attacked by a sophisticated virus. The council acted immediately to protect all data and ensure that essential frontline services could continue to operate.

"Costs to the council included urgent work to recover computer systems and prevent the virus from spreading."

Read more on IT governance