Cyberattack on servers was ransomware, says council

Almost three weeks on from the initial attack, many Redcar and Cleveland Borough Council online services remain disrupted.


An English local authority has confirmed that ransomware is behind the IT disruption that started almost three weeks ago and is still affecting the council's online services today.

It's the first time that Redcar and Cleveland Borough Council (RCBC) has confirmed that network-encrypting malware is the reason services have been disrupted since February 8.

Previous updates from the North Yorkshire authority only referred to the incident as a cyberattack – although the nature of the attack meant ransomware was regarded as the most likely suspect.

Redcar and Cleveland hasn't said what kind of ransomware has impacted its systems, or what the hackers are demanding. But the council has confirmed there's no reason to believe the ransomware attack has resulted in the hackers gaining access to personal information stored on the servers.


A significant chunk of the network remains offline, but the council says it is doing all it can to ensure frontline services, such as adult social care, council tax and housing benefits, remain operational.

That includes having built a new server and website – with limited functionality – as well as setting up a temporary call centre that residents can phone about any concerns.

"On Saturday, February 8, Redcar and Cleveland Borough Council was the victim of a ransomware cyberattack which targeted the council's IT servers," said Councillor Mary Lanigan, leader of Redcar and Cleveland Borough Council.

"Significant progress has been made. Our staff, working alongside support from the government, continue to work tirelessly round the clock to minimise any disruption or delays. All frontline services have continued, payments continue to be processed as normal," she added.

However, it remains uncertain as to when services will be back up and running at full capacity – and the ransomware attack looks set to impact initial confirmation of secondary school places for students moving up next September, as National Offer Day is on Monday and the systems could remain offline at that point.

Redcar and Cleveland Borough Council doesn't anticipate the ransomware attack affecting the allocation of primary school places in April.

"As a council, we have always taken cybersecurity seriously, and we will continue to engage with the relevant authorities to ensure our systems are as secure as possible in the future," Lanigan added.


The council has brought in both the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to investigate the ransomware attack.

"The Council notified us swiftly of this attack and is taking the necessary steps to deal with it. In the longer term, we will help the Council minimise the risk of such an incident occurring again," an NCSC spokesperson told ZDNet.

"We would encourage all organisations to familiarise themselves with our newly-updated ransomware guidance, and as an immediate next step to ensure offline back-ups are in place," they added. 

It's currently unknown how ransomware managed to infiltrate the servers of RCBC, but cyber attackers are known to distribute ransomware through phishing attacks, exposed web-facing ports and stolen login credentials.

Many forms of ransomware also take advantage of known vulnerabilities and unpatched operating systems, so applying the relevant security updates can go a long way to preventing attacks.
