In 2020, UK councils notified the Information Commissioner’s Office (ICO) of over 700 data breaches, with one particular council reporting 29 different breaches in a single year.

Among the most serious forms of cybercrime related to data breaches are ransomware attacks. These insidious attacks involve locking victims out of their core IT systems and databases. In recent years, this type of cyberattack has often included data being stolen as leverage to force targets to give into their demands.

Today, we’re going to take a closer look at ransomware, how attacks work and what damage they can cause for councils. We’ll also examine why local authorities make ideal targets for this brand of cybercrime.

What is ransomware?

In brief, ransomware is a malicious type of software. Sometimes referred to by the term “crypto malware”, ransomware is designed to effectively encrypt an organisation or government offices systems and data, locking out authorised users until they obtain a decryption key. Ransomware can lock people out of their computer operating systems, servers, email accounts and dedicated devices.

How does ransomware get onto council systems in the first place?

Ransomware can be deployed through exploit kits in a drive-by download, or semi-manually via automated active adversaries. The most common way a ransomware payload is delivered is through a malicious spam email.

How does a typical ransomware attack work?

Once the ransomware has infected a device or network it encrypts the systems and files believed by the attacker to be of most value. It has become common practice for many ransomware gangs to also steal data when they exfiltrate systems. An electronic ransom note is then left on the victim’s system where it can easily be viewed, commonly in the form of a landing page, but sometimes a simple text file.

The ransom note details a payment the attacker demands in return for a decryption device and the deletion of stolen data files. Payments are typically requested in crypto currency as this is difficult for the authorities to track, allowing ransomware gangs to escape without capture.

What happens when victims refuse to pay?

In some cases, councils and companies are able to restore their systems and databases from fresh backups. When this is the case, they may refuse to give into ransom demands and pay up. This is when the stolen data becomes useful to ransomware groups. To force a payment, they usually threaten to release the sensitive data files online or sell them at auction on the dark web.

Providers of essential services

UK councils often support tens of thousands of people who depend on the key services they provide on a daily basis. This is a prime reason why ransomware gangs target local authorities. Ransomware operators are like terrorists in the way that they thrive in environments where they cause the most disruption for their victims.

When a council is forced offline because of a ransomware attack, this can mean citizens are left without access to what are sometimes critical services. Members of the community may be sheltered or infirm and will require these vital services to be up and running to ensure their health and safety. This kind of chaos is exactly what ransomware operators need to succeed. When councils and companies provide key services and cannot deliver them, they are more likely to give in to demands and pay up for the return of their systems.

Keepers of sensitive data

Ransomware operators not only pick their targets according to the services they offer, but also the sensitivity of the data they store and use. As mentioned, confidential information is often stolen when ransomware gangs infiltrate a council or company. An attack on Hackney Council’s services and IT systems last October saw data stolen during the attack published online by the threat operators responsible.

When private information belonging to a data subject is disclosed, it constitutes a data breach. If an organisation is found to have taken insufficient security measures, the consequences can be severe for all involved.

Local councils must retain numerous types of personally identifiable information (PII) on those living within the borough they are charged with looking after, such as names, dates of birth, addresses, and even financial details and private medical records. Information may be emailed, shared or stored on servers, but if unsecured it can be exploited and exposed by cybercriminals like ransomware gangs.

High-profile targets

Cybercriminals like ransomware groups must hit the headlines if they want to be recognised as a threat. Attacking local councils and causing panic and disruption can encourage other victims to pay up, as a government target is exceptionally high-profile.

Lacking in technical abilities

Council budgets do not always allow for the resources necessary to employ a qualified cybersecurity team. Research conducted this year found that only half of all council staff members undertook cybersecurity training last year. It also found the around 45% of UK councils were hiring no employees with approved security certification.

This is a major vulnerability for councils and makes them a potential target for ransomware gangs. If councils do not have the skillset required to protect their systems and data, they may need to outsource this area of expertise or find a more cost-effective solution to increase their cybersecurity.

Specialist systems for advanced data protection

With knowledge obtained assisting local authorities, educational institutions and businesses, we at Galaxkey have developed our most secure system where enterprise professionals and council teams alike can benefit from improved security. Combining our technical expertise with direct experience of the cyber security challenges businesses and governments are now facing, we have designed the Galaxkey workspace.

Packed with powerful tools, our system offers council teams access to cutting-edge encryption to lock data away from cybercriminals. Exceptionally user-friendly, staff can quickly add three-layer encryption to data whether it is being stored, shared or sent via an email in an attachment.

If your council offices are ready to protect the information you retain from damaging and disruptive ransomware attacks, contact us today to book your free two-week trial.