[BreachExchange] Council hit by cyber attack reveals £2m cost

Destry Winant destry at riskbasedsecurity.com
Wed Oct 10 20:16:59 EDT 2018


A Cumbrian council has said it will "never know" whether it was the
target of a cyber attack because it is host to the Sellafield nuclear
waste plant.

Copeland Borough Council has revealed that an attack on its systems in
August 2017 has cost it about £2m.

The hack locked staff out of a number of council services, including
payroll, planning and environmental health.

The authority said it had brought in experts to better protect the
authority from any future attack.

Copeland, Islington and Salisbury councils were all targeted in the
Bank Holiday cyber attack, in which hackers demanded a bitcoin ransom
to regain access to encrypted files. No sensitive data was taken.

Some processes were not restored until February this year.

Copeland's chief executive, Pat Graham, said: "We will never know if
we were targeted because we host the largest nuclear site in Europe
and are home to 80% of the UK's nuclear waste.

"But we are of the view that this was a sustained, resourced
professional attack. This wasn't a spotty kid in a bedroom. It was an
interstate attack."

She said the attack could not have been prevented because the virus
used was so new at the time that it was not detected by antivirus

Council teams now use cloud storage for key documents.

The authority has also invested in more up-to-date IT equipment,
introduced compulsory training and redesigned its internal networks to
ensure they can be isolated in the event of a similar attack.

Ms Graham added: "There is no way we could have kept this attack out,
but had we had great IT investment we probably would have recovered

In February a report by privacy group Big Brother Watch based on
Freedom of Information requests found that 114 councils experienced at
least one cyber attack between 2013 and 2017.

The group said it was "shocked" that staff often lacked cyber-training.

A Local Government Association spokesman said councils were working
with the National Cyber Security Centre to ensure systems were as
"robust and resilient as possible".

Police and the Information Commissioner's Office are investigating the attack.

More information about the BreachExchange mailing list