Redcar and Cleveland Borough Council have finally announced, after almost three weeks of having to carry out their daily duties with just pen and paper, that they have fallen victim to a cyber-attack that has encrypted their data, rendered their systems useless, and is holding them for ransom.
Consequently, 135,000 residents in the area are no longer able to access their services including social care advice and viewing financial benefit information.
The disruption could potentially last for months and end up costing millions in taxpayers’ contributions to fully restore the council’s ability to provide its public services.
Assistant Director of Governance, Steve Newton, said: “There is still a criminal investigation ongoing and I’m not quite sure where these questions will lead.”
Labour Councillor, Sue Jeffrey, wanted to know what business processes were unavailable, at the Resources Committee Meeting and reported “…things like house searches, the planning portal, registration, building and control – all those sorts of things – access to historical files, regeneration projects, financial transactions?”
The Committee agreed, however, that the press and public should be excluded on the grounds of confidentiality.
The National Crime Agency (NCA) is investigating the attack and experts from the National Cyber Security Centre (NCSC) have been on-site since it happened.
The council has confirmed it was targeted in a ransomware attack – where files are scrambled until a ransom is paid to the hackers.
Council leader Mary Lanigan has previously said there was no indication any private information had been compromised.
The authority has declined to say how much cash had been demanded, but Ms Lanigan suggested it was rebuilding its systems rather than surrendering to the hackers’ demands.
She concluded “It might be “some time” before the council’s IT capabilities will be fully restored.
Norsk Hydro, a global aluminium producer was hit by a similar ransomware attack during 2019. They refused to pay, are still to make a full recovery and it has cost them more than £45 million to date.