Security

Cyber-crime

UK council won't say whether two-week 'cyber incident' impacted resident data

Security experts insist ransomware is involved but Leicester zips its lips


Leicester City Council continues to battle a suspected ransomware attack while keeping schtum about the key details.

Progress updates posted to its website are still referring to the widespread outage as a "cyber incident," failing to even confirm whether data has been compromised or whether ransomware is involved, which some experts insist to be the case.

The Register has repeatedly asked for a confirmation or denial of ransomware's involvement from the council, but after ignoring us for ten days it finally replied today, only to say it still couldn't share anything beyond official statements.

The UK's National Cyber Security Centre (NCSC), which has been informed of the situation at the council, told us it continues to work with local officials.

Leicester says in its statement a criminal investigation into the "cyber incident" remains ongoing, and as such the key details surrounding it all can't be revealed.

"The UK government really needs a radical rethink on ransomware [in my honest opinion]," said security expert Kevin Beaumont at the time the incident was first disclosed. 

"If you can't even say the word, you can't manage the problem."

Eerke Boiten, professor of cybersecurity at De Montfort University Leicester, said following the initial disclosure of the incident that the council has a good reputation when it comes to information governance and that he had "some faith" that any damage to sensitive data would be limited.

Earlier this week, the council extended its estimated time to recovery from the few short days at the time of disclosure, to "at least two weeks."

Richard Sword, strategic director of city development and neighborhood services at the council, said this week that "a good majority of staff are also back on the network," but its phone lines still require some work before they're back online. 

Libraries and community centers remain open, and waste services continue to operate as normal, but access to public computers, Wi-Fi, and printing is down. 

Some residents have had issues with the council being unable to collect their direct debits. The council will be writing to the affected individuals to inform them of the new date of collection.

Standing orders aren't affected and residents can still pay fixed penalty notices, which are issued for low-level crimes such as littering and not paying for car parking.

Emergency telephone lines have been established for critical services such as child protection services, homelessness, and housing repairs while the recovery efforts continue.

"We are making good progress with the recovery of our systems and are now in the process of switching them back online, with housing, adult and children's social care, and revenues and benefits being prioritized for this week," said Sword.

Residents were urged to only contact the council in the event of an emergency. They've also been assured that its website is still safe to use, and that they may trust emails coming from council sources, including any attachments that come with them.

"Many people in Leicester will be frustrated by these ongoing issues, but I'd like to reassure them that we're working as quickly as possible to get things back to normal," said Sword earlier this week. 

"I'd also like to apologise for the disruption and thank people for their continued patience and understanding as we work to resolve these outstanding issues." ®

Send us news
22 Comments

Major sales and ops overhaul leads to much more activity ... for Meow ransomware gang

You hate to see it

Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says

Elderly people report the greatest losses

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials

RansomHub hits 210 victims in just 6 months

The ransomware gang recruits high-profile affiliates from LockBit and ALPHV

Cyber crooks shut down UK, US schools, thousands of kids affected

No class: Black Suit ransomware gang boasts of 200GB haul from one raid

So you paid a ransom demand … and now the decryptor doesn't work

A really big oh sh*t moment, for sure

Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

French police reckon financial system targeted during Summer Games

Ransomware batters critical industries, but takedowns hint at relief

Whether attack slowdown continues downward trend is the million dollar question that security researchers can't answer

White House’s new fix for cyber job gaps: Serve the nation in infosec

Now do your patriotic duty and fill one of those 500k open roles, please?

Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics

Would paying a ransom – or better security – have been cheaper and safer?

Hunters International cyber-gang extorts Chinese mega-bank's London HQ

Allegedly swiped more than 5.2M files and threatens to publish the lot

Predator spyware updated with dangerous new features, also now harder to track

Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more