Redcar & Cleveland Borough Council in northern England has confirmed it has fallen victim to a ransomware attack targeting its server estate, which has kept it offline since the weekend of 8 February.
The attack, which has been extensively reported by local media, has left local residents unable to access the many services the council provides online, such as making council tax payments or checking their rubbish collection dates.
Concerns have also been raised over the upcoming National Offer Day for applications for secondary school places in September 2020, which is scheduled for 2 March.
Council leader Mary Lanigan took to Facebook to provide an update, given that the council’s websites remain offline.
“Our absolute priority since the first day of the attack has been to protect our frontline services, ensuring the safety and wellbeing of the most vulnerable people in our community, while rebuilding our IT systems so they can return to full functionality,” she said.
“Significant progress has been made. Our staff, working alongside support from the government, continue to work tirelessly round the clock to minimise any disruption or delays.”
Lanigan added: “All frontline services have continued, payments continue to be processed as normal, and there is no evidence so far to suggest any personal information has been removed from our servers.”
The council has now built a new server and website and deployed a temporary contact centre, said Lanigan, but it is likely to be some time before its IT capabilities are fully restored, so further frustration for local residents is inevitable.
“I’d also like to thank our residents for the resilience and patience they have shown,” the council leader added. “And I’d like to place on record my gratitude and admiration for our council staff and all of those who have responded to this complex and challenging situation.
“We notified the relevant authorities of the attack swiftly and the investigation is being led by the National Crime Agency. We are working with the National Cyber Security Centre [NCSC] and the National Crime Agency [NCA], and I would like to thank their staff for all the assistance they have provided.
“As a council, we have always taken cyber security seriously, and we will continue to engage with the relevant authorities to ensure our systems are as secure as possible in the future.”
Kaspersky research on ransomware attacks against local and municipal governments, released in December 2019, reported a 60% rise in ransomware attacks against such bodies compared with the previous year. The most often used ransomware strains were Ryuk, Purga and Stop.
The average ransom demand clocked in at $1,032,460 (£790,000/€930,000), although the amounts extorted from smaller local authorities were often much smaller than those extorted from larger ones, suggesting that the various cyber criminal groups behind the attacks are conducting very specific, targeted attacks.
Kaspersky said most municipal breaches come about through social engineering or phishing, or because of unpatched software on old IT estates that local authorities often lack the funds to replace or protect.
Kaspersky said: “First of all, the cyber security budgeting of municipalities is often more focused on insurance and emergency response than on proactive defence measures. This results in cases where the only possible solution is to pay the criminals and facilitate their activities.
“Secondly, municipal services often have numerous networks that include multiple organisations, so hitting them causes disruption on many levels at the same time, bringing processes across entire districts to a halt.
“What is more, the data stored in municipal networks is often vital for the functioning of everyday processes, as it directly concerns the welfare of citizens and local organisations. By striking such targets, cyber criminals are hitting a sensitive spot.”