top of page

Cyber-attacks targeting local authorities cost up to £10m in remediation costs

Since the beginning of 2020, three local authorities have suffered major cyber-attacks, with two of these attacks reportedly costing at least £10m in recovery costs.

Redcar and Cleveland Borough Council were hit in February 2020, Hackney Borough Council in October 2020 and more recently Gloucestershire Council were targeted in December 2021.

This week, it was reported that Gloucestershire Council are still recovering from the attack, almost six months on.

Redcar and Cleveland Borough Council were targeted in a ransomware attack on February, 8th, 2020 resulting in services from bin collections, street cleaning, schools, housing and social services being massively affected.

The Hackney Borough Council ransomware attack caused similar disruption. The threat actors allegedly posted residents and employee personal data, extracted during the attack, on the dark web some four months later.

The recovery cost for both Redcar and Hackney’s attack is estimated to be in the region of £10m with recovery steps including rebuilding IT infrastructure and a review of working policies.

This week, it was reported that Gloucester City Council are still not operating at capacity, after their attack in December. The council were suspectedly targeted by Russian threat actors who deployed sleeper malware, a malware which lays dormant on a system before activation to further infiltrate a network and encrypt data.

The council originally set aside £380,000 to remediate and recover from the incident, but the final bill is estimated to exceed one million pounds.

The full extent of the cyber-attacks against each council have not been fully disclosed, however the Hackney Council attack was claimed by PYSA ransomware. PYSA have previously targeted their ransomware against large private companies and government organisations.

However, the targeting of Hackney council showed a shift in the groups techniques, demonstrating that such organisations are not off-limits to the targeting of many ransomware variants.

The fallout of attacks against local councils, observed over the past two years, demonstrates how costly and detrimental cyber-attacks can be to the operations of public sector services.

Additionally, it is clear that critical public sector organisations remain lucrative targets to attacks due to the high-profile attention they receive, and sensitivity of data held.

If you're a member of a council and would like to know how we can help, get in touch with us today.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page