St Helens Council in Merseyside hit by ransomware attack
St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks
St Helens Borough Council in Merseyside has fallen victim to a suspected ransomware attack, by an as-yet undisclosed threat actor, that has brought down various systems across its IT estate, although the majority of its customer-facing systems appear to remain operational.
Full details of the cyber attack have yet to emerge, but the council has confirmed that its IT teams first identified the intrusion two days ago, on Monday 21 August. Since then, the council has engaged external cyber security support and forensics to investigate further.
“We are currently dealing with a suspected ransomware incident on the council’s IT systems and networks. We have now put in place a number of security measures to keep our IT networks running safely,” a spokesperson said.
“We are continuing to provide council services via our website. Some internal systems to the council are currently being affected due to the actions we have put in place to prevent any further impact, and whilst a full investigation is undertaken,” they told Computer Weekly in an emailed statement.
“Please be reassured that together with our cyber security specialists we are working to resolve this incident, but obviously this is a very complex and evolving situation.”
The council is telling residents to be mindful of their own online safety and to be wary of any suspicious communications that may purport to be from the council. This may suggest that personal data, including contact details, has been exfiltrated during the course of the cyber attack, although at the time of writing this was unconfirmed.
St Helens is home to approximately 180,000 people and is one of six local government districts in the Liverpool City Region. It covers both suburban and rural areas, including the towns of Haydock, Newton-le-Willows, and St Helens itself, which is home to the eponymous Rugby League team.
Mike Newman, CEO of My1Login, an identity and access management (IAM) specialist, said: “Given that this incident follows a long string of ransomware attacks on UK councils, St Helens should have plans already in place to contain the incident quickly and prevent it causing catastrophic financial losses, like we saw when Hackney Council suffered a ransomware attack that cost the authority over £10m.
“Ransomware is the most prominent [form of] cyber attack today and the volume of attacks are reaching record highs. It is vital that all businesses, both public and private, prioritise their defences.”
Newman added: “With data frequently revealing that phishing and credential theft are two of the most common attack vectors used to deploy ransomware, the incident further reinforces the importance of organisations moving away from password-based security mechanisms, and improving their cyber defences through passwordless [authentication], where there are no passwords to be stolen or phished from employees.
“By removing passwords from employees, this closes the door on ransomware’s most frequently used attack vector and significantly bolsters cyber defences.”