Old, on-premise systems targeted in Hackney ransomware attack

The Pysa ransomware attack on Hackney Council successfully targeted older, on-premise servers and systems that had not yet been migrated to the cloud, the council has revealed.

In a new update to the general public this week, Hackney Council said it had invested heavily in new technology and cloud-based services and believed it was ahead of the curve compared with its peers in this regard.

“We take cyber security extremely seriously and have invested heavily in modern technology and cloud-based services – ahead of many other councils,” said a spokesperson. “We were not complacent before the attack, and will continue this investment in our cyber security in the future, learning from this incident.

“While we’ve been proactive about moving away from old-fashioned servers and PCs to cloud-based services, some of these older systems still remain – as they do in any large public sector organisation. It is these older systems that were subject to the cyber attack in October [2020].”

Earlier this month, it was revealed that data stolen in the attack by the Pysa group is now being leaked – strongly suggesting that Hackney Council has resisted demands to pay. The leaked data includes passport data, scans of tenancy audit documents for public housing tenants, staff data, and information on community safety.

“Our team had planned for any eventuality following October’s attack, and had a structured plan in place to respond to the publication of any data,” the council said. “Working with partners and the police, we are now executing this plan.”

The council reiterated that the publication of the data – a so-called double extortion attack designed to increase pressure on it to give in to the cyber criminals’ demands – should not affect the majority of residents or businesses in the London borough, but said it understood the public’s concerns, and apologised again.

At the time of writing, the council still believes the majority of personally identifiably information (PII) it holds is safe and that the leaked dataset is limited in its scope – also, it has not been published on a widely known forum, and is not searchable through Google or other search engines. A review is ongoing, and the Information Commissioner’s Office has been notified.

The council added that the data leak changed nothing in how it was going about restoring its disrupted services – a full list of which is available here.

“This was a complex and sophisticated criminal attack on public services, and we share your anger and frustration about how it continues to affect your services in the middle of responding to the coronavirus pandemic,” the spokesperson said.

In emailed comments, Hackney Council told Computer Weekly that, given it is involved in a live criminal investigation, it cannot yet put a timeframe on when its full suite of public services will be restored. Some may be unavailable for a number of months, but work is in progress to safely restore as much as possible, and many of the initially-impacted services are up and running again.

Source link

Latest articles

South Carolina County Suffers Weekend Cyberattack

A coastal South Carolina county says hackers broke into its computer network over the weekend. A statement from Georgetown County’s local government Monday said...

Open source magic solves a months-long problem in 20 minutes

Commentary: Capventis and other system integrators increasingly depend on open source to help them solve...

Preparing for the “unlockdown”: Your team’s needs have changed, so listen to them

Many signs point to 2021 being a year of significant change as the world reopens....

How to optimize the MTU setting on your router for better performance

Depending on make and model, your home router/modem may be configured for basic web surfing...

Related articles

Leave a reply

Please enter your comment!
Please enter your name here