It was a Sunday morning in mid-October 2020 when Rob Miller first heard there was a problem. Databases and computer systems at Hackney Council in east London were suffering from outages. At the time, the UK was heading into its deadly second wave of the coronavirus pandemic, with millions living under lockdown restrictions and normal life severely disrupted. But for Miller, strategic director of the public authority, things were going to get much worse. “By lunchtime, it was obvious it was more than technical stuff,” Miller says.
Two days later, leaders of Hackney Council, which is one of London’s 32 local authorities and responsible for the lives of more than 250,000 people, revealed it had been hit by a cyberattack. Hackers had deployed ransomware that severely crippled its systems, limiting the council’s ability to care for people who depend on it. The Pysa ransomware gang later claimed responsibility for the attack and, weeks later, claimed to release data it had stolen from the council.
Today, more than two years later, the Hackney Council is still grappling with the colossal consequences of the ransomware attack. For about a year, many municipal services were not available. Crucial municipal systems, including housing benefit payments and social care services, were not functioning properly. Although its services are operational again, some parts of the council still do not function as they did before the attack.
A WIRED analysis of dozens of council meetings, minutes and documents reveals the extent of the disruption the ransomware has caused to the council and, more importantly, to the thousands of people it serves. People’s health, housing conditions and finances have suffered as a result of the criminal group’s insidious attack. The Hackney attack stands out not only for its severity, but also for the time it took the organization to recover and help those in need.
Ransom demands
You can think of local governments as complex machines. They are made up of thousands of people who run hundreds of services that touch almost every aspect of a person’s life. Most of this work goes unnoticed until something goes wrong. For Hackney, the ransomware attack crippled the machine.
Among the hundreds of services provided by Hackney Council are social care and childcare, waste collection, payment of benefits to people in need of financial support and public housing. Many of these services are managed using in-house technical systems and services. In many ways, these can be considered critical infrastructure, making Hackney Council similar to hospitals or energy providers.
“Attacks against public sector organisations, such as local councils, schools or universities, are quite powerful,” says Jamie MacColl, cybersecurity and threat researcher at think tank RUSI, which studies the societal impact of cybersecurity threats. ransomware. “It’s not like energy grids failing or water supplies being interrupted…but these are things that are crucial to day-to-day existence.”
All systems hosted on Hackney’s servers were affected, Miller told advisers at a public meeting assessing the ransomware attack in 2022. Social care, housing allowance, council tax, tariffs professionals and housing services have been among the hardest hit. Databases and records were not accessible – the council did not pay any ransom demands. “Most of our data and our IT systems that created that data were unavailable, which really had a devastating impact on the services we were able to provide, but also on the work we do,” said Lisa Stidle, data and insights. director of the Hackney Council, said at a council re-establishment conference last year.
