Hackney Council in London has today confirmed that it has been targeted by a “serious cyberattack” that has impacted a wide selection of services and its IT systems.

The attack was confirmed by Philip Glanville, Mayor of Hackney, on the council’s website.

“Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems,” he wrote.

“Council officers have been working closely with the National Cyber Security Centre, external experts and the Ministry of Housing, Communities and Local Government to investigate and understand the impact of the incident.”

Hackney is home to 246,300 residents as well as a host of businesses, including many of London’s tech companies located in Shoreditch and around Silicon Roundabout.

Hackney Council cyberattack: Ransomware?

At present Hackney Council has been unable to provide precise information about the nature of the cyberattack, exactly which systems are impacted or if there has been any data loss.

Glanville said that the priority would be ensuring the delivery of “essential frontline services, especially to our most vulnerable residents, and protecting data, while restoring affected services as soon as possible”.

However, the nature of the incident has led some experts to speculate that it is the result of a ransomware attack, including a Jake Moore, cybersecurity specialist at ESET.

Moore highlighted the particular challenges that councils face when tasked with dealing with a cyberattack.

“This bears all the hallmarks of a ransomware attack, but what we should be worried about is the new direction that threat actors are taking these days, where they not only encrypt the data but they threaten to release it too,” he said.

“Councils which may lack funding, and consequently may not have the strongest network protection, can be an easy target for those looking for vulnerabilities to exploit. Unfortunately, there is big money to be made and criminal hackers are quick to adapt and make their crime pay.”

Others have highlighted the increased cybersecurity risks that remote working pose.

“At a time when local councils are spending much of their time focused on issues relating to Covid-19, the last thing that they need is the stress that a cyberattack brings,” said Stuart Reed, UK director of Orange Cyberdefense.

“Unfortunately cybercriminals will often prey on organisations that they know are under pressure, and while details of this particular incident have yet to be revealed, since the outbreak of the pandemic we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems.

The fact that so many employees have been working from home has increased the risk of social engineering – an increased dependence on ‘virtual’ communications like email, video conferencing and calls, renders users more vulnerable to social engineering attacks.”

Hackney Council has asked not to be contacted “unless absolutely necessary” while it responds to the cyberattack.


Read more: Ransomware resilience – what’s the best defence?