English council warns residents after suspected ransomware attack

St Helens Borough Council in northwest England, between Liverpool and Manchester, has been targeted by a suspected ransomware attack.

An initial statement on the council’s website says it was “currently investigating a potential cyber incident” and “working with specialist cyber security teams to maintain access to online services.”

A spokesperson confirmed that a “suspected ransomware incident on the council’s IT systems and networks” was first identified on Monday. The council is the local government authority in an area with about 180,000 residents.

Internal systems are affected “due to the actions we have put in place to prevent any further impact, and whilst a full investigation is undertaken,” the spokesperson added. It is not clear what data, if any, was stolen on the district’s residents, nor has the council explained exactly what services have been impacted.

The council has warned residents to “be vigilant with any emails received from St Helens Borough Council.”

Locals are being told to look out for phishing emails claiming to be from the bank informing them that a new direct debit has been set up, with a link to confirm their details — with the link in truth allowing the criminals to harvest those details from victims.

“Please be reassured that together with our cyber security specialists we are working to resolve this incident, but obviously this is a very complex and evolving situation,” the spokesperson said.

As reported by local newspaper the St Helens Star, the council members recently provided an update on their strategic risk register which said “robust” measures were in place against cyberattacks.

Ransomware attacks on Redcar and Cleveland Council in England’s northeast; Hackney Council in London; and Gloucester City Council in the west of England have caused enormous disruption to public services.

Mary Lanigan, the leader of Redcar council at the time of the incident, told a parliamentary committee earlier this year that an unnamed government minister had told her to keep quiet about the impact of the “catastrophic” attack — something which she said “caused us a lot of issues.”

The attack impacted children and adult services, meaning reports coming in regarding safeguarding were missed and fostering services were disrupted. The incident also prevented staff from accessing the council’s records and their access to telephone lines, email, computers, printers and other electronic devices.