The Untold Story of a Crippling Ransomware Attack

It was a Sunday morning in mid-October 2020 when Rob Miller first heard there was a problem. The databases and IT systems at Hackney Council, in East London, were suffering from outages. At the time, the UK was heading into its second deadly wave of the coronavirus pandemic, with millions living under lockdown restrictions and normal life severely disrupted. But for Miller, a strategic director at the public authority, things were about to get much worse. “By lunchtime, it was apparent that it was more than technical stuff,” Miller says. 

Two days later, the leaders of Hackney Council—which is one of London’s 32 local authorities and responsible for the lives of more than 250,000 people—revealed it had been hit by a cyberattack. Criminal hackers had deployed ransomware that severely crippled its systems, limiting the council’s ability to look after the people who depend on it. The Pysa ransomware gang later claimed responsibility for the attack and, weeks later, claimed to be publishing data it stole from the council.

Today, more than two years later, Hackney Council is still dealing with the colossal aftermath of the ransomware attack. For around a year, many council services weren’t available. Crucial council systems—including housing benefit payments and social care services—weren’t functioning properly. While its services are now back up and running, parts of the council are still not operating as they were prior to the attack.

A WIRED analysis of dozens of council meetings, minutes, and documents reveals the scale of disruption the ransomware caused to the council and, crucially, the thousands of people it serves. People’s health, housing situations, and finances suffered as a result of the insidious criminal group’s attack. The attack against Hackney stands out not just because of its severity, but also the amount of time it has taken for the organization to recover and help people in need.

Ransom Demands

You can think of local governments as complex machines. They’re made up of thousands of people running hundreds of services that touch almost every part of a person’s life. Most of this work goes unnoticed until something goes wrong. For Hackney, the ransomware attack ground the machine to a halt. 

Among the hundreds of services Hackney Council provides are social and children’s care, waste collection, benefits payments to people in need of financial support, and public housing. Many of these services are run using in-house technical systems and services. In many ways, these can be considered critical infrastructure, making the Hackney Council not dissimilar to hospitals or energy providers.

“The attacks against public sector organizations, like local councils, schools, or universities, are quite powerful,” says Jamie MacColl, a cybersecurity and threat researcher at the RUSI think tank who is researching the societal impact of ransomware. “It’s not like the energy grids going down or like a water supply being disrupted … but it’s things that are crucial to the day-to-day existence.”

All the systems hosted on Hackney’s servers were impacted, Miller told councilors at one public meeting assessing the ransomware attack in 2022. Social care, housing benefits, council tax, business rates, and housing services were some of the most impacted. Databases and records weren’t accessible—the council has not paid any ransom demand. “Most of our data and our IT systems that were creating that data were not available, which really had a devastating impact on the services we were able to provide, but the work that we do as well,” Lisa Stidle, the data and insight manager at Hackney Council, said in a talk about the council’s recovery last year.

Go to Source