The untold story of a crippling ransomware attack

It was Sunday morning in mid-October 2020 when Rob Miller first heard about the issue. The databases and IT systems at Hackney Council in East London suffered from disruptions. At the time, the UK was approaching the second deadly wave of the coronavirus pandemic, with millions living in lockdown and normal life severely disrupted. But for Miller, the strategic director of a government agency, things were about to get much worse. “By lunchtime, it became clear that these were more than just technical issues,” says Miller.

Two days later, leaders of Hackney Council, which is one of London’s 32 local governments and is responsible for the lives of more than 250,000 people, said it was cyber-attacked. Criminal hackers planted ransomware that severely compromised his systems, limiting the council’s ability to care for the people who depend on it. The Pysa ransomware gang later claimed responsibility for the attack and, weeks later, claimed to be publishing data he stole from the council.

Today, more than two years later, the Hackney Council is still dealing with the enormous consequences of a ransomware attack. For about a year, many municipal services were unavailable. Critical council systems, including housing allowances and welfare services, did not function properly. While its services are now back up and running, some parts of the board still don’t work as they did before the attack.

A WIRE analysis of dozens of council meetings, minutes and documents reveals the extent of the disruption that ransomware has inflicted on the council and, most importantly, the thousands of people it serves. As a result of the attack of an insidious criminal group, people’s health, housing and financial situation suffered. The attack on Hackney stands out not only for its severity, but also for the amount of time it took for the organization to recover and help those in need.

ransom demands

You can think of local governments as complex machines. They consist of thousands of people who manage hundreds of services that affect almost all aspects of human life. Much of this work goes unnoticed until something goes wrong. For Hackney, a ransomware attack brought the car to a halt.

Among the hundreds of services provided by Hackney Council are social and child care, garbage collection, benefits for people in need of financial support, and public housing. Many of these services are performed using proprietary technical systems and services. In many ways, they can be considered critical infrastructure, making Hackney Council look like hospitals or energy providers.

“Attacks on public sector entities such as local councils, schools or universities are quite strong,” says Jamie McCall, a cybersecurity and threat researcher at the RUSI think tank, which studies the impact of ransomware on society. “It doesn’t look like a power outage or a water outage… but these are things that are critical to our daily existence.”

All systems hosted on Hackney servers were affected, Miller told advisors at one public meeting to assess a ransomware attack in 2022. Social Security, housing benefits, council tax, business rates and housing services were some of the hardest hit. Databases and records were inaccessible – the council did not pay any ransom demands. “Most of our data and our IT systems that created it were inaccessible, which really had a devastating effect on the services we were able to provide, but also on the work we do.” – Lisa Stadl, Data and Insights Manager of the Council Hackney said in a conversation about the restoration of the council last year.