An unnamed British government minister told the leader of Redcar and Cleveland Borough Council to keep quiet about the impact of a catastrophic ransomware attack two years ago, a parliamentary committee was told on Monday. The pressure from central government to not discuss the impact of the attack caused the council a lot of issues, said Mary Lanigan, who has led the council since 2019, during a witness session held by the Joint Committee on the National Security Strategy. The JCNSS is holding an inquiry into whether the United Kingdom's national security strategy is effectively addressing the threats posed by ransomware. Lanigan told the committee that a minister from central government told her "Whatever it is, we'll meet the cost," although they ultimately failed to do so - costing the council about £7 million - millions in excess of the cash it held in reserve. The attack on Redcar and Cleveland Council struck in January 2020, just as the COVID-19 pandemic was beginning and the resources of local authorities throughout the United Kingdom would be put under enormous pressure. The borough, in North Yorkshire on England's east coast, has a population of just over 130,000 and is among the more deprived areas of the country. Children and adult services - everything had been wiped out completely, described Lanigan. So you can imagine any reports coming in from members of the public regarding children and services and things like that. It was devastating. Lanigan added that the attack not only locked up the council's records, but shut down their access to telephone lines, email, computers, printers and other electronic devices. We couldn't even take in payments for [business] rates or for any bills, she said. We were advised not to go into a great deal of depth about what had happened. The public knew that we'd been hit with a ransom attack, but not how serious that was - it was catastrophic, not just for the council but for the residents and the people that we serve across the board, said Lanigan. GCHQ staff slept in council building to get Childrens Services running. The council leader credited staff at the National Cyber Security Centre, a part of GCHQ, with helping the council prioritize getting its Childrens Services back up and running as quickly as possible. Those specialists, alongside the council's own IT staff, were actually staying in the building, we actually put beds in for them in order to see how quickly we could do that [recovery] and move that forward. We were fortunate - maybe not fortunate, GCHQ are experts in their field - and they got as quickly as they could. That could have impacted on foster carers and what was happening and we were lucky in that regard. But it was due to GCHQ that we got that section up first, she added. Although some services were operating within weeks, in total it took the council more than eight months to be functioning again - a period during which the United Kingdom had gone into lockdown and council revenues and services faced additional challenges. Aside from the engagement from the cyber response teams, Redcar and Cleveland Borough Council found that although we informed central government that we were under attack, we were left to our own devices for the first week or so. We had to ring private security. Central government left us. I have the paperwork here, the council leader told the committee. What I was getting from central government was "don't say anything," which made it very difficult - although my cabinet knew what was going on - and it seemed that we had to keep it really tight, said Lanigan. And maybe because of security, I absolutely understand that, but then in hindsight it caused us a lot of issues because we couldn't actually go out there and say this is what's happened. A government spokesperson had not responded to The Record's questions as of publication. No idea why Conti provided the decryption key. Alongside Lanigan, the JCNSS heard from John Ward, the interim Chief Technology and Transformation Officer at the Republic of Ireland's Health Service Executive, about the attack which crippled the country's national health service in May 2021. Ward said that going public was a major benefit for the HSE's response. While the attacker posted a ransom note, the HSE and the Irish government confirmed on the day of the attack that we would not engage to pay a ransom to the attacker either directly or through a third party,
This Cyber News was published on therecord.media. Publication date: Tue, 31 Jan 2023 14:25:02 +0000