Critical systems restored at English council following ransomware attack

Less than two months after a ransomware attack impacted St Helens Borough Council in northwest England, most services at the council are running again.

Located between Liverpool and Manchester, the council — the local government authority in an area with about 180,000 residents — announced a “suspected ransomware incident” toward the end of August.

It follows a number of severely disruptive cyberattacks on councils in England, including Redcar and Cleveland in the northeast, Hackney Council in London, and Gloucester City Council in the west of England.

According to a surprisingly neglected dataset published by the Information Commissioner’s Office (ICO), there have been more reported ransomware incidents affecting local government authorities in the first half of this year than there have been since the regulator began counting incidents back in 2020.

Following the August attack on St Helens — which occurred too late to be included in the most recent update to the ICO data — a number of the council’s IT systems were made unavailable “causing disruption to the typical operational activities and the services provided by the local authority,” a spokesperson told Recorded Future News on Wednesday.

"While most council services have returned to business-as-usual, less than eight weeks after the incident, work continues to reinstate the remaining non critical system that have been impacted,” the spokesperson added.

Following the attack, residents were advised to “be vigilant with any emails received from St Helens Borough Council,” with a particular warning to look out for phishing emails claiming to be from the bank informing them that a new direct debit has been set up, with a link to confirm their details — with the link in truth allowing the criminals to harvest those details from victims.

“Please be reassured that together with our cyber security specialists we are working to resolve this incident, but obviously this is a very complex and evolving situation,” the spokesperson said.

As reported at the time by local newspaper the St Helens Star, the council members only weeks before the attack had provided an update on their strategic risk register which said “robust” measures were in place against cyberattacks.

The council spokesperson told Recorded Future News: "In response to the incident, further cyber hardening controls have been implemented and continue to be enhanced in coordination with the council's cyber security service provider."

Mary Lanigan, the leader of Redcar council at the time of the incident, told a parliamentary committee earlier this year that an unnamed government minister had told her to keep quiet about the impact of the “catastrophic” attack — something which she said “caused us a lot of issues.”

The attack impacted children and adult services, meaning reports coming in regarding safeguarding were missed and fostering services were disrupted. The incident also prevented staff from accessing the council’s records and their access to telephone lines, email, computers, printers and other electronic devices.