Ransomware gang Interlock has this morning added West Lothian Council to its data leak site. It alleges to have stolen 2.63 TB of data, which includes 3,349,196 files and 580,783 folders. The proof pack contains images of passports, driver’s licenses, and various other documents.
The Scottish council confirmed it had been hit by a ransomware attack on May 6, with schools in the area impacted by the incident. In its statement on May 12 it said:
The education network has been isolated from the rest of the council’s networks, with no evidence that the council’s corporate and public access networks have been affected.
There has been a significant amount of work undertaken by staff to ensure that disruption to education, including SQA exams, was minimal.
Work is ongoing with external organisations and agencies continuing to investigate the full impact of the attack and restore systems. While good progress is being made, it is not possible to say when the education network will be restored at this time.”
No further updates have been provided as of yet. West Lothian Council hasn’t confirmed Interlock’s claims or whether or not a ransom was demanded/paid. Comparitech has contacted the council for more information, including how many people may potentially be impacted by this breach, and will update this article if we receive a response.
Who is Interlock?
Interlock first began adding victims to its data leak site in October 2024. As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data.
Since October 2024, we’ve tracked 16 confirmed attacks via this group and a further 17 unconfirmed attacks that haven’t been acknowledged by the organizations in question. Yesterday, Kettering Health also confirmed it was suffering a system-wide technology outage. CNN saw the ransom note, which came from Interlock.
Government entities and education providers are often a target for Interlock with other confirmed attacks including:
So far this year, Interlock has added 19 victims to its data leak site — eight of which have been confirmed.
Ransomware attacks on government organizations and the UK
Throughout 2025 to date, we’ve tracked 60 confirmed attacks on government organizations across the globe and we’re monitoring a further 94 unconfirmed attacks. This is the second confirmed attack on a UK government entity with the other being the January 2025 attack on Gateshead Council. In this case, Medusa claimed responsibility for the attack, demanding a $600,000 ransom for its alleged stolen data.
Other recently confirmed attacks include the City of Pisa, Italy, which was also targeted this month. Nova (formerly RALord) claimed this attack, allegedly stealing 2 TB of data.
Across the UK as a whole, there have been 13 confirmed ransomware attacks this year so far. This includes the recent attacks on Marks & Spencer, Harrods, and Co-op, and the attack on supermarket logistics company Peter Green Chilled, which has come to light this week.
We are also monitoring 92 unconfirmed attacks in the UK — two of which are on government organizations and five of which are on UK education providers.
About West Lothian Council
West Lothian Council is one of 32 local authorities in Scotland, UK. Its area covers a population of over 181,000 people and it has 13 secondary schools, 69 primary schools, and 61 nurseries.
Source link
-
-
-
-
-
-
-
-
