Scottish council still rebuilding systems two years after ransomware attack

Auditors remain concerned about the cyber resilience of a Scottish council as some systems are yet to be fully rebuilt following a ransomware attack in November 2023.

The ransomware attack on Comhairle nan Eilean Siar, in Scotland's Western Isles, required "several" of its systems to be reconstructed, among other damage – especially to the authority's finance department.

Systems for housing benefits, council tax, and non-domestic rates remain unrestored, with their large data volumes slowing the digital renovation, the audit noted.

A report [PDF] on the attack, published by Scotland's Accounts Commission today, commended the Comhairle's swift response to the attack, but highlights various gaps that remain in its cybersecurity defenses.

In addition to systems destroyed by the attack that still have not been rebuilt two years later, some of the key recommended cybersecurity improvements made at the time have also yet to be implemented.

As of September ...