Office supplies biz owned by UK council shrugs off ransomware demand for 102 Bitcoin

Firm told customers they'd got a new Gmail address


A Brit public sector-owned office supplies company shrugged off a ransomware demand for 102 Bitcoins after a staffer opened a phishing email.

Kent-based Commercial Services Group (CSG) was struck by ransomware deployed by a "foreign criminal organisation" in early April. A local blogger, publishing the Vox Medway site, claimed the attack froze all CSG services at 01:30 UK time on 2 April.

The stricken company followed up, according to the blog, by setting up a Gmail account for its data protection officer and writing to customers urging them to ask questions via that route.

It continued: "Do not respond to any emails received from Commercial Services email accounts."

CSG is a rather far-reaching commercial organisation that resells office supplies and, latterly, personal protective equipment to various customers up and down the nation including some local councils. It is wholly owned by Kent County Council.

In a statement Kent County Council told us: "On the 2nd April 2020 Commercial Services (CSG) was subject to a ransomware attack which encrypted a significant number of its systems and data. This current and malicious 'malware' managed to avoid 3 levels of professional IT security. This sophisticated attack allowed the criminals to access CSG's systems and encrypt a significant amount of data. The cause of the attack bears the hallmarks of starting with a phishing email that was used to introduce a virus that would compromise the network for further attack."

It added that after the ransom demand was received and ignored, the irate criminals behind the attack leaked some stolen data – something that appears to be increasing in prevalence, despite multiple infosec industry sources having told El Reg earlier this year that such tactics were in decline. It did not confirm what data this was.

Both the National Cyber Security Centre and the Information Commissioner's Office were told of the attack.

CSG chief exec John Burr said in a statement: "The timing of this attack is particularly malicious and challenging given the current COVID-19 pandemic but CSG, Cantium [its sister company] and other retained cyber-security specialists are working flat out to restore the systems and limit any impact this crime might have on its staff, customers and suppliers."

The REvil ransomware gang recently published some data it stole from British firm Elexon after its execs also refused to engage with the gang's ransom demands. Perhaps 2020 marks a turning point, for British companies at least, in fobbing off the tactics of frustrated ransomware criminals. ®

