Ransomware has spent the past few years testing Scotland’s public services in ways that should feel uncomfortably familiar to many north‑east businesses. From Dundee and Angus College’s near‑total IT wipe‑out, to a Western Isles council still rebuilding systems two years after an attack, to school networks facing data theft and exam disruption, the picture is clear: this is no longer a niche IT risk. It is a strategic resilience issue that affects finance, operations, reputation and supply chains across the country.
For companies in and around Aberdeen – particularly those in energy, engineering, logistics and specialist services – these public‑sector incidents are not just someone else’s story. They are live case studies of what happens when complex estates, legacy systems and stretched teams meet increasingly professional criminal groups. The same weaknesses show up in private‑sector environments every day.
Western Isles: the long tail of council disruption
The ransomware attack on Comhairle nan Eilean Siar in November 2023 has become one of the clearest examples of the long‑tail impact of a serious incident on a Scottish council. A suspected ransomware intrusion took down large parts of the council’s IT environment, disrupted services and forced staff to rebuild key systems from scratch.
By mid‑2024, direct costs were estimated at around £500,000, rising towards £1 million as rebuilding and resilience work continued. Finance processes, housing services and other core functions all felt the impact, with staff forced to reconstruct records from fragmentary data to meet statutory reporting deadlines. Years later, audit work was still highlighting service backlogs and incomplete systems.
A Silicon Scotland analysis of the Western Isles case notes how weaknesses in IT infrastructure, governance, preparedness and staff capacity had been flagged before the attack – and how addressing them earlier could have reduced the impact. For north‑east businesses, that sounds very close to home: known risks on the risk register, postponed upgrades, and “we’ll get to it next year” projects that suddenly become urgent when something goes wrong.
Dundee and Angus College: when one weakness takes out the lot
On the east coast, Dundee and Angus College experienced what many CISOs and IT leaders fear most: a ransomware attack that effectively wiped out its IT estate and left leaders discovering, in real time, that critical assumptions in their continuity plans did not hold.
The compromise was later linked to an unpatched server rather than a staff member clicking a phishing email, even though the college held Cyber Essentials certification and had run awareness campaigns. Attackers appear to have gained enough visibility into the college’s systems to see its bank balance and demand a ransom equal to its annual budget. The college refused to pay and instead rebuilt, accelerating a shift into Microsoft 365, Teams and cloud‑based services in the process.
Silicon Scotland’s case study on Dundee spells out why this matters beyond further education. For any business running a mixture of legacy on‑prem infrastructure and newer cloud workloads, it is a reminder that a single exposed asset can undermine months of training and paper compliance. Energy and engineering firms with ageing OT and corporate IT side by side should pay particular attention to that lesson.
West Lothian schools: data, exams and trust
In 2025, the focus shifted back to education when West Lothian Council confirmed that its schools network had been hit by a suspected criminal ransomware attack. The incident affected dozens of schools across the authority and came at a critical point in the exam calendar, forcing contingency planning to keep SQA assessments on track.
Initial assurances that there was no evidence of data access had to be revised as the investigation progressed. Criminals were later confirmed to have stolen a proportion of the data held on the education network, including personal and sensitive information. A ransomware group claimed responsibility and published samples of stolen files on a dark‑web leak site, prompting the council to begin contacting affected families and staff.
In Case You Missed it:
A wider Silicon Scotland feature uses West Lothian, alongside other cases, to show how ransomware has moved beyond simple IT outages and into safeguarding, privacy and public trust. For north‑east companies that work closely with schools, colleges and local authorities – from STEM outreach partners to training providers – it is a reminder that partner networks and shared systems can quickly become part of the story when an incident hits.
What this means for north‑east businesses and supply chains
So what does all this mean for Aberdeen‑area firms that have not yet faced their own ransomware crisis?
- Supply‑chain exposure is real. Many energy and engineering businesses depend on councils, colleges, logistics providers and specialist SMEs for everything from permitting to training and fabrication. If those partners go down, your operations feel the impact even if your own systems stay up.
- The same weaknesses keep appearing. Unpatched infrastructure, incomplete backups, unclear ownership of cyber risk and untested incident‑response plans feature in Western Isles, Dundee and West Lothian – and in many private‑sector environments.
- Regulation and expectation are tightening. National cyber‑resilience strategies increasingly expect SMEs and larger firms alike to treat cyber risk as a board‑level issue, not just a technical one. Customers, investors and regulators are starting to look for evidence of that in practice.
