Local authority said internal systems have been affected, describing the incident as a “complex and evolving” situation.
St Helens Council is investigating a suspected ransomware attack, the local authority said in a statement. It has confirmed some of its internal systems have been affected, describing the incident as a "complex and evolving" situation. Cybersecurity experts are currently investigating the incident.
The attack was first identified on Monday August 21 and the Council said it immediately alerted its external cybersecurity contractor. "We have now put in place a number of security measures to keep our IT networks running safely," it claimed. As it works through this ongoing situation, the local authority urged residents to be mindful of how to keep themselves safe online and be alert to any communications they may have received from the council.
UK councils face more cyberattacks
UK councils have been battling increasing numbers of cyberattacks over the past few years. In 2020, both Redcar and Cleveland Council and Hackney Council faced ransomware attacks that had significant financial impact on their services, resulting in GBP10 million and GBP12 million worth of damages, respectively. The following year, a similar attack hit Gloucester City Council, affecting benefit payments, planning applications, and electoral data. The estimated cost to taxpayers for the council to rebuild its servers stands at around GBP845,000. More recently, Sefton Council said that it is fighting off over 30,000 cyberattacks a month, a rise of 50%. Meanwhile, a delay to critical IT updates led Bristol City Council to acknowledge that it is facing an increased risk of cyberattacks. UK councils were hit by 10,000 cyberattacks every day in August 2022, a 14% rise from the previous year.
Most UK councils have outdated cybersecurity
Almost two-thirds (59%) of senior leaders at UK councils say their approach to cybersecurity is outdated and that they are unable to afford the cost of a security breach, according to research by ERP SaaS provider TechnologyOne. It surveyed more than 500 senior managers at local authorities across the UK. The survey found that only a quarter ranked cybersecurity in their top three priorities whilst 26% acknowledged they have made "no progress" on upgrading cybersecurity. The councils falling behind most on cybersecurity are those in the South West, Yorkshire, North West, and Scotland, according to the research. The UK government's National Cyber Strategy 2022 includes focus on making the public sector more resilient to external threats and bringing local council cybersecurity up to speed.