Redcar Council suffered £10.14m loss due to February ransomware attack

Redcar Council suffered £10.14m loss due to February ransomware attack

NCSC asks academic institutions to prepare for more ransomware attacks

A ransomware attack targeting the Redcar and Cleveland Borough Council’s IT systems in February inflicted a financial loss of £10.14m to the Council, forcing it to seek additional budgetary support from the government.

In a budget update report published 4th August, the Redcar council cabinet stated that the ransomware attack resulted in “total forecast impact of £10.144 million”, adding that it is still relatively difficult to determine what the ultimate impacts of this unprecedented incident will be even though the attack took place in February.

The Council said that prior to the cyber attack, it had “industry-standard tools deployed to secure its network” that were configured to provide optimum protection as per the standards set out by the Public Services Network (PSN). However, these measures proved inadequate in preventing the cyber attack.

“In terms of our response to the cyber-attack, the council acted quickly and effectively, working extremely hard to mitigate the effects on our key services and most vulnerable residents. However, the attack did permeate almost all functions of the council, and the required response and consequential impacts will have a bearing on the council’s finances,” the council said.

“Best estimates have been made and refined along the way as our recovery work has progressed. The council has worked closely with government on our response and recovery, and have been in regular dialogue regarding government support for the estimated financial impact on the council.

“A total forecast impact of £10.144 million was provided to government, along with further information to inform their due diligence process. This has now concluded and the government have agreed to provide support to the council in dealing with this financial impact,” it added.

Aside from making additional improvements to its cyber defences in the aftermath of the ransomware attack, Redcar council added itself to the list of pilot authorities to enrol on a National Cyber Security Centre (NCSC) scheme which will provide threat intelligence information exchange between the council and NCSC.

When the ransomware attack targeting Redcar council took place, Matt Rahman, COO for IOActive, told TEISS, that in order to avoid such devastating cyber attacks, organisations must adopt a ‘cybersecurity by design’ framework or process – with networks, systems, applications and technologies designed and built with security in mind – enabling them to take a proactive approach

“This way, you have a clear understanding of what you’re connecting, who is using it and where it’s appearing within the organisation and how do you monitor it for security events. Essentially, you’re looking holistically at your entire technology ecosystem.

“As you have the right processes in place, organisations can respond quickly and effectively to potential breaches or vulnerabilities as and when they occur – and importantly, remediate any incidents that do occur quickly,” he added.

Carl Wearn, Head of E-Crime at Mimecast, said that those responsible for leading any organisation’s cyber security must take sensible precautions such as non-networked backups, email and archiving fall-backs. This current threat should be a stark reminder that “it will always happens to someone else, not us ” attitude can no longer reside.

Copyright Lyonsdown Limited 2021

Top Articles

Australian energy giant CS Energy suffers a ransomware attack

Australian energy company CS Energy suffered a ransomware attack on November 27 that targeted its corporate network.

Misconfiguration of a management user interface (UI) tool leads to exposure of mission-critical data

Kafdrop, a popular open-source Apache Kafka user and management interface had configuration flaws that provided criminals with access to event-streaming platform Apache Kafka used by more than 60 per cent…

ICO serves £500,000 fine to the Cabinet Office for New Year Honours data breach

The ICO has fined the Cabinet Office £500,000 for failing to prevent the leak of postal addresses of over 1,000 people who were among the 2020 New Year Honours recipients.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]