Since the beginning of 2020, three local authorities have suffered major cyber-attacks, with two of these attacks reportedly costing at least £10m in recovery costs.

Redcar and Cleveland Borough Council were hit in February 2020, Hackney Borough Council in October 2020 and more recently Gloucestershire Council were targeted in December 2021.

This week, it was reported that Gloucestershire Council are still recovering from the attack, almost six months on.

Redcar and Cleveland Borough Council were targeted in a ransomware attack on February, 8th, 2020 resulting in services from bin collections, street cleaning, schools, housing and social services being massively affected.

The Hackney Borough Council ransomware attack caused similar disruption. The threat actors allegedly posted residents and employee personal data, extracted during the attack, on the dark web some four months later.

The recovery cost for both Redcar and Hackney’s attack is estimated to be in the region of £10m with recovery steps including rebuilding IT infrastructure and a review of working policies.

This week, it was reported that Gloucester City Council are still not operating at capacity, after their attack in December. The council were suspectedly targeted by Russian threat actors who deployed sleeper malware, a malware which lays dormant on a system before activation to further infiltrate a network and encrypt data.

The council originally set aside £380,000 to remediate and recover from the incident, but the final bill is estimated to exceed one million pounds.

The full extent of the cyber-attacks against each council have not been fully disclosed, however the Hackney Council attack was claimed by PYSA ransomware. PYSA have previously targeted their ransomware against large private companies and government organisations.

However, the targeting of Hackney council showed a shift in the groups techniques, demonstrating that such organisations are not off-limits to the targeting of many ransomware variants.

The fallout of attacks against local councils, observed over the past two years, demonstrates how costly and detrimental cyber-attacks can be to the operations of public sector services.

Additionally, it is clear that critical public sector organisations remain lucrative targets to attacks due to the high-profile attention they receive, and sensitivity of data held.

If you're a member of a council and would like to know how we can help, get in touch with us today.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).