Gloucester City Council’s managing director, Jon McGinty, issued a serious warning that it’s no longer a matter of if, but when Gloucestershire councils will face cyber attacks. This caution comes after the council itself fell victim to a sophisticated cyber attack in December 2021, resulting in prolonged disruptions to essential services.
The attack severely hampered various public services in Gloucester, affecting crucial functions such as housing benefit claims, council tax payments, and leisure center bookings. Despite commendation for its resourcefulness in maintaining services during the recovery phase, the council is still in the process of fully reinstating its systems almost 18 months later.
Prior to the attack, the council had invested substantial amounts in fortifying its cyber defenses. This included measures such as enhancing the firewall, implementing two-factor authentication, upgrading the patching regime, and conducting regular staff and member cyber awareness training sessions. Despite these efforts, the council was targeted by Conti, a group of Russian hackers, through a highly sophisticated spear phishing attack that resulted in data extraction and ransomware encryption of its servers.
READ MORE: Sudeley Castle’s Spectacle of Light Illuminates with New Wizard of Oz Theme
READ MORE: Gloucestershire Braces for Snowfall - Met Office and BBC Weather Predictions
In the aftermath of the attack, an investigation revealed that around 230GB of council files had been transferred to an unidentified destination after being shared on a website in New Zealand. Additionally, the attackers had compromised the majority of the council’s systems, rendering them inoperable. The incident also prompted scrutiny from the Information Commissioner’s Office, citing the council’s lack of adequate monitoring systems and calling for a comprehensive review of its backup and disaster recovery measures.
The authority’s decision not to engage with the attackers or pay the ransom, in adherence to the guidance from the National Cyber Security Centre, is commendable. However, the aftermath of the cyber attack continues to pose challenges, with ongoing efforts to restore the council’s systems and address the lapses in its monitoring and disaster recovery protocols.