Ouch: Brit council still staggering weeks after ransomware bit its PCs

'Unable to process planning applications and land searches'

League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC

A ransomware assault late last month is continuing to affect the operations of Copeland Borough Council in the northwest of England.

The processing of planning applications is still being affected weeks after a major cyberattack hit the council in rural North West England. The planning application for a housing development of around eight homes in the Cleator Moor area has been held up, according to local reports.

The borough council (CBC) was one of a number of councils to be affected by a cyber ransom attack last month. Problems remain ongoing and it’s not clear when they will be resolved.

“Copeland Council has been unable to process planning applications and land searches during the period since the attack,” according to local paper the Carlisle News and Star.

A spokeswoman for the borough council confirmed over the phone that it had been hit by ransomware. She didn’t know the strain of file-encrypting nasty causing the problem. The particular systems affected was a confidential matter that she wasn’t able to disclose, The Register was told.

A statement on the front page of Copeland’s website confirms a problem. Residents were told to be wary of phishing schemes posing as invoices and the like from the council.

We are victims of a major cyberattack, this is currently affecting our systems and our priority is to ensure that our frontline services are operating as far as practicable, and that our most vulnerable residents are supported.

A lengthy statement forwarded to El Reg said it had turned off its network while it rebuilt systems. It confirmed local reports that it was currently “unable to process planning applications and land searches.” The council added that it had been a victim of a “malicious and random professional attack.”

The payment of benefits and waste collection are operating as normal since the technology behind delivering these services is run through off-site servers.

Numerous back office systems have still not been restored at the borough council, according to a tipster who approached El Reg about the disaster.

Our source said that Allerdale and Carlisle councils had a shared service arrangement with Copeland council and might therefore be affected. A representative of Allerdale council in west Cumbria, however, said it had not been affected by the cyberattack at any point. Carlisle city council could not be reached by phone on Thursday afternoon.

Ransomware infections at UK local authorities have happened before. Lincolnshire County Council and North Dorset District Council were both hit last year, for example.

Councils would seem to be a poor target for profit-hungry thieves, however, since most are perennially cash strapped – or so they’d have central government believe. These councils are tasked with providing a wide variety of local services, ranging from housing, refuse collection and social services to policing and education. They are funded by a mixture of local taxes and central (ie, Westminster) government grants. ®


Biting the hand that feeds IT © 1998–2017