As reported by the BBC, a watchdog is probing a cyber-attack on Redcar and Cleveland Borough Council, which was still unable to provide any online services more than a week after its systems were crippled. The council’s website and all computers at the authority were attacked last Saturday, affecting 135,000 residents. The council notified the Information Commissioner’s Office (ICO) – the watchdog said the authority had “made us aware of an incident and we are assessing the information”.
Jake Moore, Cybersecurity Specialist at ESET:
“This indeed has all the hallmarks of a ransomware attack. The knock-on effects just show the devastation that this simple yet effective attack can leave in its wake.
This is by no means the first ever council to be hit with ransomware and nor will it be the last. Local governments have tight budgets but sadly, IT security still appears way down the priority list with some leaders. I would be surprised if this council was unaware of previous similar attacks, so it suggests they need a better understanding in how to protect their networks. Funding is a difficulty in local government but this is about assessing risk and must be addressed properly.
Offsite backups can be restored in hours when they are set up correctly so when they fail to be back up over a week later, serious questions should be asked. I never condone paying the ransom being asked as you can never be 100% certain you will see the money again, but no doubt the council will have this as a consideration if they are cornered. It’s better to prevent and protect rather than pay.”