A council in north-east England was held to ransom by hackers who demanded payment to restore access to its systems after a virus spread rapidly through its computer network.
A virus hidden in an email attachment spread rapidly through Redcar and Cleveland’s computer network, causing chaos and disrupting essential services. The council, which serves the north-east England town of Redcar, was held to ransom by hackers who demanded payment to restore access to its systems.
The Attack Unfolds
In February 2020, a seemingly innocuous email attachment arrived in a council inbox, containing ‘malicious software’ that would lie dormant in the network until activated remotely. Within hours, the virus had spread throughout the system, locking staff out and scrambling files. By Saturday morning, local residents began to notice the council website was offline.
Ransomware is a type of malicious software that encrypts a victim's files or locks their device, demanding a ransom in exchange for the decryption key.
It typically spreads through phishing emails, infected software downloads, or exploited vulnerabilities.
According to recent statistics, over 40% of organizations have been affected by ransomware attacks, resulting in significant financial losses and data breaches.
The council’s IT engineer and staff were left with no choice but to shut down servers and try to halt the spread of the virus. However, it was too late, and hackers made their ransom demand. The exact figure has never been made public, but experts estimate it to be in the ‘low single figure millions’ of US dollars.
The Impact on Local People
The cyber-attack had a devastating impact on local residents, particularly those who relied on the council’s services. For example, Paul and Clare, a husband and wife duo, were ‘very reliant on the council’ at the time. Clare needed support from care workers and specialist equipment to help with a debilitating condition called functional neurological disorder.
The couple waited many months before they got the support they needed, with Paul having to quit his job to care for his wife. Staff continued to work on getting the council back online, but it took several years before evidence emerged suggesting who was behind the cyber-attack.
The Aftermath

In February 2022, one of the world’s most prolific ransomware gangs, the Russia-based Conti Group, fell apart. A year later, in February 2023, a group of Russian hackers were sanctioned by the UK and US governments over a string of attacks on businesses, schools, and councils, including Redcar and Cleveland.
The council said it was still only back to 90% functionality, with the system taking 10 months to be fully restored. The response to the attack cost £11.3m, with the government providing £3.68m compensation. However, the council did not have a specific policy in place to cover cyber-attacks, and the difference between the two had to come from its limited reserves.
The Lessons Learned
Former head of the National Cyber Security Centre (NCSC), Ciaran Martin, fears that public services like councils and hospitals are vulnerable to simultaneous attacks. He notes that Redcar and Cleveland was a crisis, but what about 10 or 100 councils at the same time? That’s not inconceivable.
The government is taking action to protect local councils by providing funding to increase their cyber defences. However, experts warn that public services need to be more proactive in preventing cyber-attacks and having robust systems in place to respond quickly in the event of an attack.
Cyber defenses refer to the measures taken to protect computer systems, networks, and sensitive data from unauthorized access, use, disclosure, disruption, modification, or destruction.
These defenses include firewalls, intrusion detection and prevention systems, encryption, antivirus software, and secure protocols for communication.
According to a report by Cybersecurity Ventures, global cybercrime costs are projected to reach $6 trillion by 2021.
Regular updates, backups, and employee education are also crucial components of effective cyber defense strategies.
A Call for Action
As the UK continues to face increasing threats from hostile nation states, it’s essential that local councils take steps to protect themselves against cyber-attacks. With the right measures in place, they can prevent devastating attacks like the one on Redcar and Cleveland from happening again.