In February 2020, a ransomware attack forced council staff off their computers for three weeks and onto “pen and paper” as IT servers were disabled. According to council leader Mary Lanigan, in the weeks after the attack, the council mobilised a temporary call centre and had to build a new server and website. The attack left residents without access to essential public services for several weeks. Experts from the National Cyber Security Centre (NCSC) were called in to assist with the recovery efforts.
Hackers had encrypted the council's data and demanded a ransom payment for its release. The council refused to pay the ransom, in spite of this the attack had a substantial impact on the council's finances, the estimated cost of recovery exceeded £10 million (including IT infrastructure repairs, departmental expenses and lost income due to service disruptions).
It took 8 months to repair the damage and become fully operational again. Many residents expressed frustration at the lack of communication and the prolonged service outages.
“Catastrophic” ransomware attack caused loss of “everything”.
135,000 residents were left without access to essential public services for several weeks.
| Description | Category | Company | Occurred | Local amount | USD amount | USD last converted |
|---|---|---|---|---|---|---|
| Reduction in enforcement income and lower collection levels for council tax and business rates £1m | Financial Loss | Redcar And Cleveland Council | August 2020 | £-1,000,000 (GBP) | $-1,332,249 | 23/9/2024 at 12:30 CEST |
| Cost to individual departments £3.4m | Control Environment Improvement and Professional Service Fees | Redcar And Cleveland Council | August 2020 | £-3,400,000 (GBP) | $-4,529,649 | 23/9/2024 at 12:30 CEST |
| Recovery or replacement work to IT infrastructure £2.4m | Control Environment Improvement, Crisis Management and Professional Service Fees | Redcar And Cleveland Council | August 2020 | £-2,400,000 (GBP) | $-3,197,399 | 23/9/2024 at 12:30 CEST |
| £3.68m from government towards cost of rebuilding systems | Control Environment Improvement | Redcar And Cleveland Council | April 2021 | £3,680,000 (GBP) | $4,902,679 | 23/9/2024 at 12:30 CEST |
The ransomware attack had a significant impact on the local community, causing disruption and inconvenience to residents who relied on the council's services.
From the JCNSS report "1. On Saturday 8 February 2020, the Leader of Redcar and Cleveland Borough Council received an ominous phone call. A member of Councillor Mary Lanigan’s IT team had accessed the Council’s system and thought that something didn’t “look right”. Their instincts were right: the Council had suffered a “catastrophic” ransomware attack and had lost “everything”.1 Social workers were unable to access its systems for managing children’s services, including reports about children from concerned members of the public. Councillor (Cllr) Lanigan told us that the Council had “no telephone, no emails, no functioning computers, no laptops, the printers would not work and, crucially, there were no records or documents”. The Council refused to pay the ransom, in part to protect other local authorities from similar attacks. Cllr Lanigan told us that its recovery took eight and a half months: You can imagine the devastation. I had staff running about with pieces of paper. We brought in another telephone system that we could use, but that took time. It was catastrophic, for the Council and for the residents we serve across the board."
From theguardian.com "One Redcar and Cleveland councillor told the Guardian they had been advised it would take several months and cost between £11m and £18m to repair the damage -far more than the £7.4m funding grant the council is set to receive in 2020/2021 from central government. The council’s total annual budget is £279m."
From the JCNSS report "What is ransomware?
3. Ransomware is a type of malicious software—‘malware’—designed to damage and destroy computers and computer systems, usually to facilitate extortion. In its most prevalent earlier form, ransomware prevented its victim from accessing their device and/ or the data stored on it, by ‘encrypting’ (effectively locking away) key files or systems. A criminal group would then demand a ransom in exchange for ‘decryption’, which makes the files available again. Alternatively or in addition to encryption, data might be exfiltrated (effectively taken away or copied), with the ransom demand linked to threats to publish online or sell sensitive data, as outlined in Chapter 2; this form of attack may now be more prevalent, according to some witnesses. The term ‘ransomware’ has been applied to all stages of the attack, and often encompasses the additional extortion tactics linked to the stolen data."
From the JCNSS report "After the attack on Redcar and Cleveland Borough council, Cllr Lanigan told us that she had given talks to a number of councils to advise them not to integrate all their data onto one system, after her Council been given a “clean bill of health” shortly prior to the attack. She noted that Redcar and Cleveland had “followed all government guidelines, and we did not think that we were at risk”; she suggested that the Government tends to “leave it to us through the LGA [Local Government Association]” to produce guidance on cyber resilience."