Gloucester City Council (GCC) experienced a sophisticated ransomware attack that encrypted its servers and disrupted services. The attack began with a spear-phishing email, which led to malware installation and eventual data exfiltration and server encryption.
Challenges
- Loss of access to IT systems and data
- Disruption to public-facing services, ranging from a few days to several months
- Potential data breach, with around 240,000 files transferred to an unknown destination
- Communication difficulties with business partners who blocked electronic communications
- Balancing the need for quick service restoration with security considerations
Approach
- Immediate activation of business continuity plans
- Engagement with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA)
- Implementation of temporary workarounds for critical services
- Decision to build a completely new system rather than restoring the old one
- Transition to cloud-hosted solutions for line of business applications
- Enhanced security measures, including the implementation of security information and event management (SIEM)
Outcomes and benefits
- Successful restoration of critical services, including timely benefit payments
- Implementation of a more robust and secure IT infrastructure
- Improved cyber security awareness and practices among staff
- Enhanced business continuity and disaster recovery plans
- Strengthened relationships with partner organisations and support networks
Lessons learnt
- The importance of having a specific cyber incident plan, including a communications strategy
- Dangers of customising applications, which can cause compatibility issues during recovery
- Need for more focused training on cyber threats, data protection and file management
- Importance of cautious dealings with external suppliers, including the use of a supplier risk dashboard
- Recognition that despite preparations, cyber attacks can happen to any organisation
- Value of cloud-hosted solutions in minimising disruption during cyber incidents
View original case study article at local.gov.uk