Cyber attack hits council computer systems at Comhairle nan Eilean Siar

A suspected ransomware attack has caused significant disruption to IT systems at Western Isles local authority, Comhairle nan Eilean Siar.

The council said access to its systems had been affected.

The Scottish government and computer company Dell have been helping Comhairle nan Eilean Siar deal with the situation.

In a ransomware attack, hackers use malicious software to scramble and steal an organisation's computer data.

Comhairle chief executive Malcolm Burr said the authority was working with Police Scotland, the National Cyber Security Centre and Scottish government in a criminal investigation.

He said: "The comhairle has been the victim of a criminal attack on our IT system which has caused significant disruption to our services,

"Our priority is to restore services as quickly as we can to make sure those who depend on our services have access to them."

Mr Burr said not all the comhairle's services had been affected, and external communications were returning to normal.

He added that cyber attacks were a constant threat to organisations and individuals.

Mr Burr said: "You would be surprised by the number of attempts that our firewall repulses on a daily basis from all over the world."

The attack comes after the Scottish Environment Protection Agency (Sepa) had thousands of digital files stolen in cyber attack in 2020.

In February this year, Audit Scotland said that some public money had been written off as a result, but the full financial impact was still unknown.

Auditor General Stephen Boyle said the attack had continued to have a "significant impact" on Sepa's performance.

Analysis by Laura Goodwin, BBC Scotland innovation correspondent

A ransomware attack uses a type of software designed to disrupt or gain access to a computer system.

The information is then encrypted making it difficult for a user to access their files or the information may be deleted or leaked.

A group behind the attack may then demand money - a ransom - for return of the data or to prevent it being leaked. These types of attacks are not uncommon.

Earlier this year, the BBC, BA and Boots were among a number of companies who had data hacked in a supply chain attack by a cyber gang thought to be based in Russia.

In 2021, the Scottish Environment Protection Agency had more than 4,000 digital files stolen.

And even tech firms are at risk. Last year Edinburgh-based Rockstar Games, creator of Grand Theft Auto, had footage and details of an unreleased game leaked online, with hackers threatening to release more unless a deal was reached.

The advice to companies is not to pay a ransom as this might make them a target in the future and is no guarantee that data will be returned.