The Impact of Runsomware Attacks on the Local Government and Society: A Study at Hackney Council in East London during the 2018 London Outage Season
The findings showed broadly that non-Russian ransomware gangs didn’t have a statistically significant increase in attacks in the lead-up to elections. Whereas two months out from a national election, for example, the researchers found that organizations in the six top victim countries were at a 41 percent greater chance of having a ransomware attack from a Russia-based gang on a given day, compared to the baseline.
The data was used to compare the timing of attacks by groups based in Russia and groups in other countries. We found that Russia-based groups have an increase in the number of attacks starting four months before a election and moving three, two, and one month in after.
The data set was culled from the dark-web sites that ransomware gangs maintain to name and shame victims and pressure them to pay up. Two scholars at the internet observatory discussed the subject of double extortion attacks, in whichhackers break into a target network and steal data before planting malicious software to shut down the system. Then the attackers demand a ransom not only for the decryption key but to keep the stolen data secret instead of selling it. The researchers may not have captured every double-extortion actor’s information, but the data collection was thorough and the groups typically have an interest in publicizing their attacks.
Rob Miller heard that there was a problem on a Sunday in October 2020. The databases and IT systems at Hackney Council, in East London, were suffering from outages. Millions of people in the United Kingdom were going into a deadly wave of the coronaviruses, with normal life completely disrupted and restrictions on movement imposed. But for Miller, a strategic director at the public authority, things were about to get much worse. By lunchtime, it was obvious that it was more than technical.
Local governments are like complex machines. They’re made up of thousands of people running hundreds of services that touch almost every part of a person’s life. Most of this work is not seen until something goes wrong. The machine was stopped by the attack.
Benefits payments to people in need of financial support, public housing and social and children’s care are just some of the hundreds of services that the council provides. Many of these services use in-house technical systems. The Hackney Council can be consideredcritical infrastructure in many ways, like hospitals or energy providers.
“The attacks against public sector organizations, like local councils, schools, or universities, are quite powerful,” says Jamie MacColl, a cybersecurity and threat researcher at the RUSI think tank who is researching the societal impact of ransomware. “It’s not like the energy grids going down or like a water supply being disrupted … but it’s things that are crucial to the day-to-day existence.”