Naked Security

Council returns to using pen and paper after cyberattack

Ten days after a suspected ransomware attack, residents of the English borough of Redcar and Cleveland must be starting to wonder when their Council’s IT systems will return.

The first public sign of trouble appeared on the morning of Saturday, February 8, when the following message appeared on the Council’s website:

The requested service is temporarily unavailable. It is either overloaded or under maintenance. Please try later.

The Council later confirmed that it had been hit with a cyberattack affecting its internal and external-facing IT systems, with the notable exception of property tax payments.
The Council is back to working from pen and paper and able to field only urgent emails and telephone enquiries. Council leader, Councillor Mary Lanigan, told the BBC:

Computers have been taken offline and systems are being rebuilt. We have a massive team here – including cyber-security experts – working around the clock flat out to get it fixed.

The Council hasn’t explained the nature of the cyberattack, but it’s quite possible that this is yet another ransomware attack of a type that has become a huge problem across the world. The UK’s National Cyber Security Centre (NCSC) has confirmed it is assisting the Council.
This is happening over and over again. In January, it was schools in California, in November it was a company managing 110 nursing homes in the US, and in September the city of New Bedford in Massachusetts – the latest in a long line of US cities hit by the plague of hijacking networks for money.

How to protect yourself from ransomware

  • Pick strong passwords. And don’t re-use passwords, ever.
  • Make regular backups. They could be your last line of defense against a six-figure ransom demand. Be sure to keep them offsite where attackers can’t find them.
  • Patch early, patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
  • Lock down RDP. Criminal gangs exploit weak RDP credentials to launch targeted ransomware attacks. Turn off Remote Desktop Protocol (RDP) if you don’t need it, and use rate limiting, two-factor authentication (2FA) or a virtual private network (VPN) if you do.
  • Use anti-ransomware protection. Sophos Intercept X and XG Firewall are designed to work hand in hand to combat ransomware and its effects. Individuals can protect themselves with Sophos Home.
