FOI - Cyber Security [Sep - 2021]

a. Had any ransomware incidents? (An incident where an attacker attempted to, or successfully, encrypted a computing device within your organisation with the aim of extorting a payment or action in order to decrypt the device? ) i. If yes, how many? b. Had any data rendered permanently inaccessible by a ransomware incident (i.e. some data was not able to be restored from back up.) c. Had any data rendered permanently inaccessible by a systems or equipment failure (i.e. some data was not able to be restored from back up.) d. Paid a ransom due to a ransomware incident / to obtain a decryption key or tool? i. If yes was the decryption successful, with all files recovered? e. Used a free decryption key or tool (e.g. from https://www.nomoreransom.org/)? i. If yes was the decryption successful, with all files recovered? f. Had a formal policy on ransomware payment? i. If yes please provide, or link, to all versions relevant to the 3 year period. g. Held meetings where policy on paying ransomware was discussed?