Ransomware attack leaves council facing huge bill to restore services

IT servers have been disabled for past three weeks, affecting website and phone lines

A council in the north-east of England has admitted that it has suffered a cyber-attack that has disabled its IT servers for the past three weeks, leaving it with a steep bill and concerns among residents that their local government infrastructure is “in danger of collapse”.

One Redcar and Cleveland councillor told the Guardian they had been advised it would take several months and cost between £11m and £18m to repair the damage -far more than the £7.4m funding grant the council is set to receive in 2020/2021 from central government. The council’s total annual budget is £279m.

For three weeks all council staff have been told they cannot use council computers, tablets or mobile devices and have been instead relying on “pen and paper”, the councillor said.

Initially Redcar and Cleveland council told residents it simply had “an issue with our IT system, which means we are working with a reduced capacity”.

But now the council leader, independent councillor Mary Lanigan, has acknowledged that the council was subject to a “ransomware cyber-attack” on 8 February.

When a company or organisation gets hit by a ransomware attack they are forced to pay a “ransom” – anywhere from hundreds to thousands to millions of pounds – to “unlock” the files that have been maliciously encrypted.

On Thursday there was a full council meeting to set the 2020/2021 budget and there was no mention of the costs of the cyber clean-up, the councillor said. A council spokesman said: “We don’t yet have a figure and it would be wrong to speculate”.

After ten years of central government-led austerity, the council reserves are now down to £5.2m.

The National Crime Agency said it was leading the criminal investigation into the “recent cyber incident” and was working closely with the National Cyber Security Centre and Cleveland police to support the council.

Writing on the council’s Facebook site, Lanigan said all frontline services have continued and there was “no evidence so far” to suggest any personal information had been removed from the compromised server.

Since the attack, the council has built a new server and website and mobilised a temporary call centre, she said, adding: “However, it may be some time before our IT capabilities are fully restored which may mean frustration for the public in dealing with us administratively.”

The council website is still not functioning properly and residents complain they have been cut off repeatedly when ringing the local authority as instructed, rather than emailing.

Events several weeks away have been cancelled, with officials blaming the IT problems. Local resident Peter Finlinson said he had received an email saying a council focus group he was due to attend on 12 March had been postponed “due to the ongoing IT issues”.

Finlinson also said he had been trying to access a planning application for a new development planned for Marske-by-the-Sea, a village between the seaside resorts of Redcar and Saltburn-by-the-Sea.

He and other local activists had objected to the development but were unsure whether the objections were lost in the cyber-attack. When he asked a councillor for a meeting he was told he could not schedule one because the servers were down.

“We simply do not know whether objections have been lost. We do not know whether or not the application is going to start again from day one or if it is simply going to roll on from where it was,” he said, adding: “I pressed councillor Wayne Davies for a meeting about a week ago and he told me that he could not arrange one because of the cyber-attack. This seems to suggest [to] me that our local government infrastructure is in danger of collapse.”

He suggested the council had not been functioning properly since a coalition of independents and the Liberal Democrats took power from Labour after the local elections last May.

One of the first acts of the new ruling group was to scrap its £150,000 chief executive role, sharing out her duties among other council managers.

Amanda Skelton accepted voluntary redundancy after 11 years in the job, costing the council £337,000 to cover redundancy payments and local authority pension contributions.

“We cannot have local government run as though it were amateur night out. There is a lack of professionalism,” said Finlinson.

Last year the council’s auditor warned that Redcar and Cleveland local authority could go bust within two years unless its spending is slashed or central government plugs the gap.

In 2018 the National Audit Office, the government’s spending watchdog, said Redcar and Cleveland council had seen its spending power reduced 35% since the introduction of austerity measures.

Around 1,100 council jobs have been shed as part of cuts of more than £75m.

In 2020-2021 the government’s “revenue support grant” to the council is £7.4m, down from £21.6m in 2016-2017.


Helen Pidd and Gregory Robinson

The GuardianTramp

Related Content

Article image
Ransomware attack hero condemns 'super-invasive' tabloids
Marcus Hutchins says he will have to move house after newspaper identified him and published his full address

Nadia Khomami

22, May, 2017 @8:44 AM

Article image
Guardian confirms it was hit by ransomware attack
Media firm says personal data of UK staff members was accessed in ‘highly sophisticated’ cyber-attack last month

Dan Milmo Global technology editor

11, Jan, 2023 @4:38 PM

Article image
Cybersecurity stocks boom after ransomware attack
Companies see share prices rise sharply amid expected increase in spending on IT security after WannaCry hack

Nick Fletcher and Haroon Siddique

16, May, 2017 @3:35 PM

Article image
Travelex services begin again after ransomware cyber-attack
Foreign currency firm restores some systems after £4.6m demand from hackers

Rupert Jones

13, Jan, 2020 @1:35 PM

Article image
Russia and neighbours are source of most ransomware, says UK cyber chief
Lindy Cameron, head of National Cyber Security Centre, says extortion is most serious online threat to UK

Dan Sabbagh Defence and security editor

11, Oct, 2021 @4:28 PM

Article image
NHS ransomware attack: what happened and how bad is it?
Cyber-attacks on health bodies appear to be on the rise again after a hiatus early in the pandemic

Dan Milmo Global technology editor

11, Aug, 2022 @8:21 PM

Article image
UK faces mass 'ransomware' email attack from cybercriminal gangs
Police warn of viral scams disguised as messages from banks, followed by demand for Bitcoin payment to unlock devices

Charles Arthur and agencies

15, Nov, 2013 @6:22 PM

Article image
UK organisations could face huge fines for cyber security failures
Government proposes penalties as ‘last resort’ for those failing to adequately assess risks and prevent damage

Anushka Asthana Political editor

07, Aug, 2017 @11:01 PM

Article image
NHS cancer patients hit by treatment delays after cyber-attack
Hospitals across the country were forced to cancel routine procedures and divert emergency cases after malware attack

Sarah Marsh

14, May, 2017 @6:57 PM

Article image
Operations cancelled as Hunt accused of ignoring cyber-attack warnings
Regulator said last summer that threat of attacks had put patient data at risk and jeopardised clinicians’ access to records

Denis Campbell and Haroon Siddique

15, May, 2017 @12:58 PM