Another English city, another cyberattack, British gov to blame say critics

A British National Security report warns of a 'catastrophic ransomware attack that could take down the government at any moment – this as another English city authority struggles to recover after a week-long cyberattack.

The City of Leicester, England – struggling to recover after suffering a March 7th cyber incident that forced city officials to shut down many municipal services and disconnect all phone lines – says it is moving into the recovery stage.

Leicester is the tenth largest city in England, the largest in the nation’s East Midlands region, and home of the internationally known Leicester City Football Club. The city has a population of more than 350,000 within its borders, and another 550,000 live in the city’s outlying urban areas, according to census reports.

“Some of our services, websites, systems, and forms are currently unavailable while we fix network issues,” the Leicester City Council website states about the March 7th attack.

On Wednesday, the Council announced it had gotten the “all-clear to start slowly bringing our services back online – but it's going to be a gradual process and it's going to take time.”

The city posted the message on its official X profile page, adding it could take at least two weeks before full functionality is restored, maybe longer.

The city also said it was still too soon to comment on the specifics of the attack, but is was working closely with specialists and the police to investigate what happened.

Local authorities attacks on the rise

According to Leicester officials, cyber incidents have become increasingly frequent, with many large organizations and other local authorities experiencing similar disruptions in recent years.

The same sentiment is echoed by the British Parliamentary Joint Committee on the National Security Strategy (JCNSS), which recently published a report claiming its failing government faces a “high risk” of attack.

The JCNSS labeled the government's stance toward the “large and imminent” threat of ransomware facing the nation – an “ostrich strategy” – meaning it was burying its head in the sand on the matter.

William Wright, CEO of Scotland-based cybersecurity firm Closed Door Security, said he would not be surprised if the attack on Leicester was carried out by one of the many ransomware groups operating today.

“Given the recent spate in ransomware attacks targeting public authorities, it’s likely to be ransomware,” Wright said.

“In the last year, there have been numerous ransomware attacks on local councils. Each incident has been costly, disruptive to society, and has put critical services in limbo for long periods of time,” he said.

Last Thursday’s attack on Leicester affected some of the city’s “front-line services,” including the ability to contact emergency services, including adult, homeless, and child protective services.

Leicester City cyber incident webpage
Image by Cybernews.

Although most systems were taken offline immediately after the attack as a precaution, fortunately, the City Council has been able to post regular updates on its website, which remained unaffected by the hack.

The city was also able to temporarily reroute emergency numbers through alternate phone systems and list those new numbers on the city website. Other departments, such as payments, housing, maintenance, and school transportation, are still being reported down.

Leicester is the example

Meantime, the city said it is unable to determine what, if any, sensitive data belonging to residents and Leicester employees may have been compromised in the attack.

“Although it’s still too soon to comment on the specifics of this incident, we’re continuing to work closely with specialist agencies and the police as they carry out their investigations into what happened,” officials said.

Wright is hoping the government will use this latest attack on Leicester City Council as a reminder of its vulnerability, and as a wakeup call.

“Cybercrime has evolved beyond its digital parameters, and it can now cause real world damage. It’s critical we take every effort to protect society," he said.

Wright explained that although the government disagreed with the committees’s report that it was not doing enough to prevent the threat of ransomware, "it's up to the Critical National Infrastructure (CNI), government, public and private sector organizations that have access to information and technical skills to keep their assets and services safe."

“Otherwise, these attacks will just keep happening, and before long something very serious will happen," Wright said.

Leicester City Hall building
Leicester City Hall. Image by Leicester City Council.

Electric, water, and gas easy targets

Cybersecurity expert Mike Newman, CEO of Identity And Access Management firm My1Login, agrees with Wright's assessment. “This was a damning report on the government, and the response to its findings raise further alarms,” he said.

“Burying heads in response to the threat is not the answer,” Newman explained. "If the report is correct, the UK is highly vulnerable to a devastating ransomware attack," he pointed out.

“Nation-state attacks are becoming more frequent, so the chances of an adversary targeting the UK to cause societal damage are highly likely. The government must work to improve its defenses before it’s too late,” Newman said.

Newman points out that although no one can say for sure what the JCNSS's 'catastrophic attack' would look like, he says that "with automation now being used to facilitate electrical, water, and gas supplies into peoples’ homes, there is a high chance important utilities would be the target.”

So far, it’s also still unclear what caused the breach in the Leicester network systems, and to date, no ransom group has taken claim for the attack or attempted to extort the city council authority – at least no information that has been disclosed publicly.

Newman explains that "ransomware attacks are often initially executed through employee social engineering or phishing," stressing the need to prioritize security measures that help eliminate "password phishing risks" and the theft of other employee credentials.

“While some public sector and government organizations are leading the way in prioritizing their defenses against cybercriminals, there is still a long way to go,” Newman added..

The Information Commissioner's Office, the National Cyber Security Centre and local police, who are helping to restore services, were all notified about the Leicester cyberattack.