In the Council under cyber attack

UK UK UK Investigation

Viruses spread in email attachments via Redcar and Cleveland's computer network

In the early hours of the morning, an IT engineer ran on the dark winter streets of Redcar in northeast England.

The dashboard was prompted by a worrying alarm about the council's computer network, and he quickly rushed to shut down the server in an attempt to stop the spread of the virus. It's too late.

Hackers competed for the IT systems of Redcar and Cleveland Council and soon needed payments to recover it.

The February 2020 cyber attacks have caused chaos, undermining everything from collection collections to social services and how to keep vulnerable children safe.

"I got a call and said we were hit," recalled Mary Lanigan, the head of the council, and "the destruction of our system is all."

In recent weeks, cybercriminals have targeted major retailers and cooperatives, including M&S, resulting in empty shelves and breach of customer data.

However, Ciaran Martin, a former head of the National Cybersecurity Center (NCSC), said his “biggest cybersecurity concern” is the threat of attacking public services simultaneously, such as parliament and hospitals, that could “destroy lives.”

The BBC has been investigating how the attacks on Redcar and Cleveland were carried out, bringing things back to normal and what impacts on locals are needed.

Mary Lanigan says the impact of cyberattacks has been "destructive"

Redcar and Mary Lanigan, former head of the Cleveland Council, sat in a large red-brown leather armchair. She wore a blue long-sleeved top and glasses. She had white hair on her shoulders, her legs crossed, and her fingers hung together on her legs. — Mary Lanigan says the impact of cyberattacks has been "destructive"

A few days ago Saturday, February 8, 2020an email with seemingly harmless attachment arrived at the Council inbox. Hidden inside is a piece of malware that hibernates in the council's network until it is activated remotely.

Within hours of activation, it spreads throughout the computer system, locking staff and disrupting files.

go through Saturday 11:00 GMT,,,,, Local residents began to notice that the Council’s website was offline.

Mrs. Ranigan said of efforts to stop the virus: “There’s nothing we can do.”

“You have to be practical, so actually there are more calls so people can call us.”

News spread, but Mrs. Lanigan lost her post in the 2023 local elections, claiming she received pressure from council officials and the central government to not speak out.

The Council refused to be interviewed about the attack but said there was no pressure or directive to not speak publicly at that time or after.

Mrs. Lanigan said nothing in 2020, but now admits that the Council is dealing with the crisis.

"It's devastating," she said. "Damage to us, the staff, the public and everyone else."

She said they lost the ability to share information with police and the NHS, while social services and elderly care services were phased out.

“Even if someone rings and says ‘My bin has not been emptied’” it has not been disposed of.”

By morning Monday, February 10 IT employees desperately go from table to table, putting infected computers in a growing heap.

"When we see how much damage is being done, we realize it can take weeks, maybe years," said Ben Saunders, its worker.

Meanwhile, experts from NCSC (part of GCHQ) are considering the Council’s request for help.

Mr. Martin, who was then the CEO of NCSC, said it was "exceptionally serious".

“If the Council tells you that they are concerned about their ability to serve vulnerable children, you will take that very seriously.”

People are worried that the task of social workers is to keep young people safe and will struggle to do their jobs without accessing the online records they rely on to help you provide difficult decisions.

Mr Martin calls it an “unusual” step, NCSC officials are deployed to Redcar.

exist Tuesday, February 11 - The second working day after the attack - The hacker made a demand for ransom.

The exact figures have never been made public, but Mr Martin said it is likely to be in "low single characters millions of dollars."

The current government is considering banning public sector from paying ransoms to hackers, but while that's guidance, there is no formal ban in 2020.

No matter what, Mrs. Lanigan didn't mind coughing. "I'm a Yorkshire woman and that's it's impossible for me to pay any ransom to anyone."

the next day, Wednesday, February 12the government held a Cobra meeting to coordinate responses to major emergencies.

"That's when you realize how serious it is," the former council leader said. "It's not just some hackers sitting in the bedroom and playing with computers."

Paul had to quit his job to take care of Clare when the council system they rely on took a blow

Redcarre residents Clare and Paul were affected by cyber attacks. They sit on a gray sofa covered with mats. Both wore black tops and dark frame glasses. Clare has shoulder-length blonde hair, with a center split. Paul's black hair is short, with beard and beard. — Paul had to quit his job to take care of Clare when the council system they rely on took a blow

When rebuilding the system, the Council rewinds the clock and then returns with paper and pen. Many features will be stopped or greatly slowed down.

At the time, Redcarl's couple Paul and Claire were "very heavily dependent on the Council."

Clare needs support from caregivers and professional equipment to help solve a debilitating disease called functional neurological disease.

"You're going to wait on the phone for a few hours," Paul said. "When people come, it's handwritten notes, so the system won't be updated. It's a real nightmare."

The couple waited many months to get the support they needed. Meanwhile, Paul quit his job to take care of his wife.

Staff have continued to work to get the Council back online and have restored the temporary social service system within a few weeks.

go through May 2020 The committee said it still returns only 90% and the system will take 10 months to fully recover.

"Some of them can be restored; many of them were built from scratch," Mr. Sanders said. "It was a very meticulous, long process."

However, there are several years of evidence that presents evidence of who is the post-cyber attack.

exist February 2022It is one of the world's most prolific ransomware gangs, and the Russian-based conglomerate collapsed.

After Russia hacked its neighbors, pro-Ukrainian hackers leaked the group's private information and data, revealing details of some of the most dangerous cybercriminals.

A year later, February 2023a group of Russian hackers were attacked by British and U.S. governments on businesses, schools and councils, including Redka and Cleveland.

From social services to garbage collection, almost all council services have been compromised by cyber attacks

Getty Images Two Redcar and Cleveland Council workers collected the bins. They are on the streets of semi-detached houses. Both wear orange high-volt clothing and rotate three blue bins to the back of the garbage truck. — From social services to garbage collection, almost all council services have been compromised by cyber attacks

Earlier that year, Mrs. Ranigan provided evidence of the attack in Parliament. She said the response was £11.3 million in compensation, and they received £3.68 million from the government.

Since there is no insurance for the attacking authorities, the differences must be taken out of their limited reserves.

A council spokesman said that despite its general insurance coverage, it still does not cover specific policies for cyberattacks.

They said a recent inspection by external auditors found that the Council had made appropriate arrangements and controls to reduce the possibility of cybersecurity violations.

But it is the only council facing such an attack. According to the Information Commissioner’s Office, 202 ransomware attacks were carried out on local authorities in 2024.

The government said “take action to protect local councils and provide funds to increase their online defense”.

But Mr. Martin is concerned that attacks on the Council and other public services may “show how hostile nations can undermine our society”.

"Red Carr and Cleveland are a crisis," he said. "Where are 10 Red Carr and Cleveland at the same time? What about a hundred of them? That's unimaginable."