English council spent £1.1 million recovering from ransomware attack

Gloucester City Council in the West Midlands of England was forced to spend more than £1.1 million to recover from a ransomware attack in December 2021, according to the published agenda of a council meeting that took place on Monday. The meeting followed the council receiving a formal reprimand by the Information Commissioner's Office for failing to prevent a cybersecurity incident that was discovered just before Christmas. A data breach notification previously published on the council's website said "Information containing personal details of residents and members of the public was taken in a sophisticated cyber-attack by a cyber-criminal group." The "Sophisticated cyber-attack" was a spearphishing email, according to the published agenda, which detailed costs including bringing in specialist security consultants and software to aid the recovery, replacing key equipment, and the council migrating all of its IT systems to cloud hosting. Of the total, £250,000 was covered by grants from the government. The ICO's reprimand highlighted several failures, including the lack of a "Security information and event management system" and failing to prevent the ransomware attacker tampering with the council's logs, which allows them to erase "Crucial evidence" and hindered both the investigation and remediation of the incident. The lack of a SIEM "Significantly restricted Gloucester City Council's ability to effectively monitor and respond to security incidents, detect anomalous activities, and identify potential threats." Although the council had backup systems in place, these "Were not utilised" as the council instead opted for a "Full rebuild" of its systems "Which significantly impacted the timeline for recovery of access to personal data." Part of the ICO's reprimand regarded how the council failed to "Restore access to personal data, or the systems that stored personal data, in a timely manner," and that it was "Unable to determine the data subjects at risk of harm from the incident in order to notify them." These were all considered breaches of the U.K.'s General Data Protection Regulations, and they come with a potential fine of to up to 4% of the organization's global turnover. The ICO opted for a reprimand, noting at mitigation that council did have backups in place and that the "Initial attack vector for this incident was a phishing email received from a legitimate third-party email address" rather than a specific vulnerability that the council should have fixed ahead of time. The ICO also noted that - although they were not considered adequate - there were "Some systems in place for gathering and reviewing logs." The attack on Gloucester City Council back in December 2021 has been followed by many more impacting organizations in Britain. Ransomware attacks have been on the surge since 2020, according to the ICO's data, and not only hit record numbers last year but look set to do so again in 2023. There have been almost as many incidents affecting organizations in Britain in just the first half of this year as there were during the entirety of 2021 - including 64 attacks on local government within just six months, more than the 60 incidents in total that had been recorded in the three years previously. AI systems 'subject to new types of vulnerabilities,' British and US cyber agencies warn. High-profile ransomware gang suspects arrested in Ukraine. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

This Cyber News was published on therecord.media. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to English council spent £1.1 million recovering from ransomware attack

English council spent £1.1 million recovering from ransomware attack - Gloucester City Council in the West Midlands of England was forced to spend more than £1.1 million to recover from a ransomware attack in December 2021, according to the published agenda of a council meeting that took place on Monday. The meeting ...
11 months ago Therecord.media
British Government Minister Told Council to Keep Quiet After Ransomware Attack - An unnamed British government minister told the leader of Redcar and Cleveland Borough Council to keep quiet about the impact of a catastrophic ransomware attack two years ago, a parliamentary committee was told on Monday. The pressure from central ...
1 year ago Therecord.media
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
10 months ago Securityboulevard.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
8 months ago Bleepingcomputer.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
10 months ago Bleepingcomputer.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
11 months ago Bleepingcomputer.com
Suspected ransomware attack hits Scottish council - Public services across the Na h-Eileanan Siar - the Outer Hebrides - in Scotland continue to be disrupted following a suspected ransomware attack on the IT systems of the local council, Comhairle nan Eilean Siar. "Writing on X, the website formerly ...
11 months ago Computerweekly.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
10 months ago Unit42.paloaltonetworks.com
Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
11 months ago Bleepingcomputer.com
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
9 months ago Bleepingcomputer.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
11 months ago Bleepingcomputer.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
11 months ago Helpnetsecurity.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
9 months ago Bleepingcomputer.com
Ransomware Groups Gain Clout With False Attack Claims - The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say - and ransomware misinformation is a threat they predict will only grow in the coming months. The cybersecurity community should know that ...
9 months ago Darkreading.com
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
11 months ago Bleepingcomputer.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
8 months ago Feeds.fortinet.com
Oldham Council facing 10,000 cyber attacks a day, report says - A council is to spend £682,000 on computer upgrades after bosses said they were fighting off 10,000 cyber attacks a day. Members of Oldham Council's cabinet said they would use the money to buy a "Modern data protection service". Their current ...
11 months ago Bbc.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
11 months ago Bleepingcomputer.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
9 months ago Malwarebytes.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
9 months ago Securityboulevard.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
10 months ago Bleepingcomputer.com
The Evolving Landscape of Ransomware Attacks - 1.7 million ransomware attacks are happening every day. Many people think the virus has locked their computer, but it is actually the ransomware that has locked all their files. As the name ransomware suggests they are after ransom. Stealing or ...
10 months ago Cyberdefensemagazine.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
9 months ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)