Redcar & Cleveland Council and Ransomware

News and information from the Advent IM team.

Redcar and Cleveland Borough Council hit by Cyber Attack

By Advent IM Security Consultant Osian Cassells

Cyber-attacks continue to wreak havoc throughout industry and businesses across the globe, with no signs of them slowing down. One of the latest victims of the ever-growing threat of a cyber-attack has been part of UK local government, Redcar and Cleveland Borough Council. The attack which has now after almost three weeks been confirmed as a ransomware attack. Once as system is infected, ransomware is able to quickly spread across networks and other systems, crippling them and bringing businesses to a standstill. As a result, this has left 135,000 residents in the area without access to services provided by the council, such as social care advice. At the time of writing, systems at the council had been down for almost three weeks with no end currently in sight. It could take months and cost millions of pounds to be able to fully restore the council’s capabilities.

The statement by the NCSC[1]  leads you to think that the council had all the appropriate technical controls in place and had taken back-ups of systems in order to restore from, therefore trying to decrease the impact of the attack as much as possible. Even with the council having good technical controls in place, the impact still looks to be very severe, although the complete impact of the incident is not fully understood at this time. Being without systems and services for three weeks and counting is going to have a massive impact on any business or organisation, let alone the millions of pounds it could take to fully restore the council’s services.

Just having technical security controls is not enough to defend against cyber-attacks (and certainly fast evolving and self-funding ransomware) of today. Security needs to be looked at holistically, including behaviours, in order to effectively defend against the wide variety of evolving threat actors that businesses face today. Having a positive security culture being a vital part of that security regime. This attack clearly demonstrates the importance of having a positive security culture, since malware and ransomware infections are usually triggered through the actions of staff e.g. accidently clicking a link in a phishing email. Although it is not confirmed that in this case the ransomware was initiated through some sort of phishing, given the ubiquitous nature of phishing as a delivery system, it’s likely that it was.Although NCSC states the council have done all they can in terms of technical defences against a cyber-attack, having a positive security culture will prove as a great deterrent against cyber-attacks and help prevent them from happening. Staff are your frontline defences and with a positive security culture implemented it stands businesses in great stead, alongside technical security controls in preventing incidents from happening at all, and if they do, decreasing the impact greatly. Culture is something that is often overlooked and it is absolutely vital in aiding businesses to defend against all threats a business may face.

 

[1]https://www.bbc.co.uk/news/uk-england-tees-51573980 – BBC article on the Redcar and Cleveland Council cyber-attack

 

Source: TrendMicro 2018

Share this Post