St Helens Borough Council in Merseyside has fallen victim to a suspected ransomware attack, according to an official statement released on Monday, August 21. The local authority has described the incident as a “complex and evolving situation,” with cybersecurity experts currently investigating the breach.
The ransomware attack, a type of cyber threat where criminals encrypt files and demand payment for their release, has affected some of the council’s internal systems. Though full details of the attack have yet to emerge, the council has assured residents that the majority of customer-facing systems remain operational.
In recent years, ransomware attacks have become a significant threat to organizations, with high-profile incidents such as the 2017 attack on the NHS. UK councils have faced an increasing number of cyberattacks, with some, like Redcar and Cleveland Council and Hackney Council, facing millions of pounds worth of damages.
St Helens Council has taken immediate actions, including engaging external cybersecurity support and forensics to investigate further. “We have now put in place a number of security measures to keep our IT networks running safely,” a spokesperson said. The council is also providing its services via its website and has urged residents to be mindful of their online safety, warning of potential phishing scams related to the breach.
The incident at St Helens comes amid reports of outdated cybersecurity measures across many UK councils. A recent survey by TechnologyOne found that almost 59% of senior leaders at local authorities considered their approach to cybersecurity outdated, and only a quarter ranked it among their top three priorities.
Mike Newman, CEO of My1Login, an identity and access management specialist, emphasized the need for robust cyber defenses. “Ransomware is the most prominent [form of] cyber attack today, and the volume of attacks is reaching record highs,” he said. Newman encouraged organizations to move away from password-based security mechanisms, as phishing and credential theft are common attack vectors used to deploy ransomware.
As St Helens Council continues to work through the situation, the incident serves as a stark reminder of the ongoing and ever-evolving threat of cyberattacks. The council’s efforts to contain and resolve the issue will be watched closely, not only by the approximately 180,000 residents of the area but also by other councils and organizations that must be vigilant against the persistent danger of ransomware.
For tips on how to stay safe online and recognize potential scams, St Helens Council directs residents to www.sthelens.gov.uk/watchoutforscams. The council, along with its cybersecurity specialists, remains committed to resolving this incident and ensuring the safety of its networks and data.
“Ransomware has wreaked havoc on UK councils over the last few years, with some attacks costing authorities millions of pounds to recover from. Hopefully, this won’t be the case for St Helens, but it’s unlikely they will understand the full scope of the incident at this early stage, unless they comprehensive incident response plans already in place.
No organisation can prevent all cyberattacks, but incident response planning is the best way to reduce the impact of them. It is essential that all businesses get these plans in place as a priority, because ransomware attacks are soaring and no company is immune to the threat.
The core place to start is having a ransomware response plan ready to activate at a moment’s notice. Knowing exactly who will be involved, how to assess the scope of compromise, whether to notify regulators and customers, and how to communicate transparently can make all the difference in resilience. Equally important is network segmentation to limit spread and access controls to protect your company jewels. Assume you’ll be breached and make it hard for criminals to move laterally. Furthermore, organisations should never forget the human element – staff. Training and awareness programs to recognise phishing attempts and other social engineering ploys are crucial. Cybercrime often starts with human error – we can only close that vulnerability through education and support.
Now that the attack is public, criminals will be looking to make money where they can. This could involve targeting residents of St Helens with phishing emails. Residents must be vigilant for emails being sent to them relating to the breach. If an email asks residents to click on a link, or hand over sensitive personal or financial data, it’s best to ignore the request and contact the council directly via their official website or phone number.”
“Given that this incident follows a long string of ransomware attacks on UK councils, St Helens should have plans already in place to contain the incident quickly and prevent it causing catastrophic financial losses, like we saw when Hackney Council suffered a ransomware attack that cost the authority over £10 million.
Ransomware is the most prominent cyberattack today and the volume of attacks are reaching record highs. It is vital that all businesses, both public and private, prioritise their defences.
With data frequently revealing that phishing and credential theft are two of the most common attack vectors used to deploy ransomware, the incident further reinforces the importance of organisations moving away from password-based security mechanisms, and improving their cyber defences through passwordless, where there are no passwords to be stolen or phished from employees.
By removing passwords from employees, this closes the door on ransomwares most frequently used attack vector and significantly bolsters cyber defences.”