[BreachExchange] Redcar Council suffered £10.14m loss due to February ransomware attack

Fri Aug 7 10:15:05 EDT 2020

https://www.teiss.co.uk/redcar-council-cyber-attack-loss/

A ransomware attack targeting the Redcar and Cleveland Borough
Council's IT systems in February inflicted a financial loss of £10.14m
to the Council, forcing it to seek additional budgetary support from
the government.

In a budget update report published 4th August, the Redcar council
cabinet stated that the ransomware attack resulted in "total forecast
impact of £10.144 million", adding that it is still relatively
difficult to determine what the ultimate impacts of this unprecedented
incident will be even though the attack took place in February.

The Council said that prior to the cyber attack, it had
"industry-standard tools deployed to secure its network" that were
configured to provide optimum protection as per the standards set out
by the Public Services Network (PSN). However, these measures proved
inadequate in preventing the cyber attack.

"In terms of our response to the cyber-attack, the council acted
quickly and effectively, working extremely hard to mitigate the
effects on our key services and most vulnerable residents. However,
the attack did permeate almost all functions of the council, and the
required response and consequential impacts will have a bearing on the
council’s finances," the council said.

"Best estimates have been made and refined along the way as our
recovery work has progressed. The council has worked closely with
government on our response and recovery, and have been in regular
dialogue regarding government support for the estimated financial
impact on the council.

"A total forecast impact of £10.144 million was provided to
government, along with further information to inform their due
diligence process. This has now concluded and the government have
agreed to provide support to the council in dealing with this
financial impact," it added.

Aside from making additional improvements to its cyber defences in the
aftermath of the ransomware attack, Redcar council added itself to the
list of pilot authorities to enrol on a National Cyber Security Centre
(NCSC) scheme which will provide threat intelligence information
exchange between the council and NCSC.

When the ransomware attack targeting Redcar council took place, Matt
Rahman, COO for IOActive, told TEISS, that in order to avoid such
devastating cyber attacks, organisations must adopt a 'cybersecurity
by design' framework or process – with networks, systems, applications
and technologies designed and built with security in mind - enabling
them to take a proactive approach

"This way, you have a clear understanding of what you’re connecting,
who is using it and where it’s appearing within the organisation and
how do you monitor it for security events. Essentially, you’re looking
holistically at your entire technology ecosystem.

"As you have the right processes in place, organisations can respond
quickly and effectively to potential breaches or vulnerabilities as
and when they occur – and importantly, remediate any incidents that do
occur quickly," he added.

Carl Wearn, Head of E-Crime at Mimecast, said that those responsible
for leading any organisation’s cyber security must take sensible
precautions such as non-networked backups, email and archiving
fall-backs. This current threat should be a stark reminder that “it
will always happens to someone else, not us ” attitude can no longer
reside.