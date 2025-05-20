An IT expert who appears on a BBC documentary into a devastating cyber attack at Redcar and Cleveland Council says it “likely wasn’t a sophisticated, targeted operation”.

Hackers believed to be part of a Russian criminal network hit computer systems at the local authority back in February 2020, demanding a ransom payment that was never paid.

The cost of the attack, which brought down computer-based services, took the council’s website offline and forced some staff to rely on pen and paper, was put at more than £10m, although estimates varied.

The Government later paid £3.6m towards the costs of the recovery operation, which took many months, while officers from the National Security Cyber Centre – part of GCHQ – were dispatched to Redcar to help with the efforts.

Councillor Mary Lanigan, the former leader of Redcar and Cleveland Council, giving evidence to a Parliamentary committee in January 2023 investigating ransomware attacks.

Garry Brown, managing director of Darlington-based Bondgate IT, which has assisted both public and private sector organisations with their cyber resillience, was interviewed for the programme ‘Cyber Siege: From Russia to Redcar’ in order to provide an expert view.

Mr Brown said: “The Redcar attack likely wasn’t a sophisticated, targeted operation – it was more like a thief trying every door on a street until they found one unlocked.

“Unfortunately, the council’s systems were that unlocked door.”

A so-called phishing e-mail contained an attachment with a malicious piece of software inside – ransomware – which after being opened on a council laptop, lay dormant within the council’s network until remotely activated by the hackers, causing files and systems to be scrambled.

Mr Brown said: “That’s why cyber resilience is so critical.

“Staff need to be trained to spot suspicious messages, verify requests for sensitive data offline, and avoid installing unverified software – especially on work devices.

“No one is too big to be breached.

“The key is preparation, vigilance, and a culture of security awareness.

“Behind every breach there are consequences for real people.

“In this instance, residents – many vulnerable – were unable to access vital services, in addition to the severe financial cost to the local authority.”

External auditors employed by the council deemed the council’s security arrangements to be “reasonable” and without major flaws, although these were said by officers to be “commensurate” with the resources available to it.

Meanwhile, a council ‘task and finish’ group, formed from one of its scrutiny committees later concluded that while controls in place were in accordance with national guidelines, they had in fact been “totally inadequate”.

After the incident, the council adopted an ‘early warning system’ which monitors council IT set-ups for vulnerabilities and issues and sends alerts where they are found, and has also signed up to a Cyber Assessment Framework provided by the Government.

Regular testing is also delivered to staff and councillors to recognise phishing e-mails which are the most likely initial route of attack.

Despite this a corporate risk assessment update issued towards the end of last year said: “Even though there are several controls in place, we are aware of regular successful attacks on other similar organisations and, therefore, [cyber attack] remains a real threat.”

The council did not take part in the documentary, but former leader Mary Lanigan, who was in charge at the time, was interviewed.

She told the programme: “It was devastating. Devastating for us, for the staff and the public.”

The former councillor previously told a Parliamentary inquiry she had refused to pay a ransom demanded by the criminals responsible for the 2020 attack.

Explaining the impact at the time, she said: “We lost everything, the whole lot, it was catastrophic.

“We could not take in payments for rates or bills, we had no records or documents, we had no telephone service or e-mails, no functioning computers.

“The cost to the local authority was massive, we had to bring in external expertise and put new systems in.

“It took us eight and-a-half months to fully put things back together.”

In 2023 governments in the UK and US sanctioned seven Russian men for their links to various ransomware attacks which over recent years have hit not only local councils, but hospitals, schools and private businesses.

But attempts at such attacks have continued, most notably recently on retail giants M&S and the Co-op.