Redcar and Cleveland Borough Council online services offline for more than a week following incident that experts call a likely ransomware incident
A local council has confirmed that an outage of its online services lasting more than a week was caused by a cyber-attack.
Redcar and Cleveland Borough Council said the cause of the outage “appears to be a cyberattack on the council’s IT servers”.
Earlier last week the council had said it was experiencing an “issue with our IT system” that meant it was working at a reduced capacity.
As of Monday morning the council’s web pages were still displaying an error message when accessed.
The borough’s more than 135,000 residents have been without online services since 11 a.m. on Saturday, 8 February.
A third-party website operated by Civica is still functioning, meaning the council can accept and process council tax payments.
Experts said the attack is likely to have involved ransomware, in which malware locks an organisation’s files until a ransom is paid to the attackers.
A number of local public authorities worldwide have been disrupted by such malware, and councils are reluctant to pay attackers for fear of encouraging further attacks.
“We are still experiencing issues with our IT systems, which means we are working with a reduced capacity,” the council said in its most recent Twitter post on the issue.
“We are able to receive and answer limited calls and emails and we will be prioritising urgent messages.”
The council said all its computers were affected by the attack.
Pen and paper
It said it does not have an “exact timescale” for when online services would be back up, but said its teams were working to remedy the problem.
In the meantime, council staff are operating using pen and paper and are fielding calls from residents via council hotlines.
The National Crime Agency is working with the council and a team of experts from GCHQ’s National Cyber Security Centre (NCSC) has been on site since the attack occurred.
The NCSC said the attack was an “isolated incident” and that it is working with partners to “understand its impact”.
The NCA and the NCSC also declined to confirm whether ransomware was to blame for the disruption.
The council’s leader, Councillor Mary Lanigan, told the BBC the council’s computers had been taken offline and its systems were being rebuilt.
“We have a massive team here – including cyber-security experts – working around the clock flat out to get it fixed,” she said.
“The main problem is that we have no email systems. so we have extra phone lines for residents.”
No data stolen
The council added that as yet it had not found any evidence that sensitive personal data had been stolen.
Cumbrian council Copeland Borough is one of the UK councils to have been hit by ransomware, an attack it said in 2018 had cost it about £2 million.
Following the attack the council invested more in its IT systems and began storing key documents on cloud servers.