Gloucester City Council, situated in England’s West Midlands, incurred over £1.1 million ($1.39 million) in expenses to recover from a ransomware attack in December 2021. This information was disclosed in a council meeting agenda on Monday.
This meeting took place in the wake of a formal reprimand issued to the council by the Information Commissioner’s Office (ICO) for not averting a cybersecurity breach that emerged shortly before Christmas.
According to a notice on the council’s website, this breach involved a sophisticated cyber-attack by a criminal group, resulting in the theft of personal information of residents and the public.
The attack, originating from a spear phishing email as detailed in the agenda, led to expenses that included hiring security consultants, purchasing recovery software, replacing essential equipment, and transitioning all IT systems to cloud-based hosting.
Out of the total expenditure, the government provided £250,000 ($315,000) in grants.
Information Commissioner’s Office critiques council’s cybersecurity measures
The ICO criticized the council for various shortcomings, notably the absence of a “security information and event management (SIEM) system,” which allowed the attackers to tamper with and erase crucial evidence from the council’s logs, hindering the investigation and recovery process.
The ICO emphasized that without a SIEM system, the council was significantly limited in its ability to monitor for and respond to security incidents and to identify potential threats.
Despite having backup systems, the council chose to completely rebuild its systems, a decision that substantially delayed the restoration of access to personal data.
Challenges in data protection
The ICO’s reprimand also addressed the council’s failure to promptly restore access to personal data and systems, and its inability to identify and notify individuals potentially harmed by the breach.
These lapses were identified as violations of the U.K.’s General Data Protection Regulation, which could lead to fines of up to 4% of the organization’s global turnover, explains The Record.
However, the ICO opted for a reprimand, acknowledging the council’s backup preparations and the nature of the attack, which was initiated through a phishing email from a legitimate third-party address, rather than a council-specific vulnerability.
The ICO acknowledged that the council had some log review systems, although they were deemed inadequate.
Gloucester City Council’s full report is available here.
A surge of ransomware attacks across the UK
The December 2021 attack on Gloucester City Council is part of an increasing trend of ransomware attacks in Britain, as reported by the ICO. These attacks have escalated since 2020, reaching record levels last year and showing no signs of slowing down in 2023.
In the first half of this year alone, Britain experienced almost as many cyber incidents as in the entirety of 2021. This includes 64 attacks on local governments in just six months, surpassing the total of 60 incidents recorded in the previous three years.
How can Heimdal® help?
When it comes to protecting your network from advanced ransomware and other cyber threats, our platform has you covered.
Heimdal XDR’s capabilities extend beyond conventional threats, effectively countering ransomware, insider threats, admin rights abuse, Advanced Persistent Threats (APTs), software exploits, and brute force attacks.