Redcar and Cleveland Council back up and running after ransomware attack

Cyber attack in February rendered Council's website and many payment systems completely inoperable

Redcar and Cleveland Council says it has now recovered from the cyber attack which rendered many of its IT systems and the website completely inoperable in February.

According to the Council, its IT engineers responded quickly to the incident to ensure that remote working facilities were available for the employees who were working from home because of the coronavirus pandemic.

The IT team prioritised systems based on the service needs. This has helped the team to restore nearly 90 per cent of the IT systems, enabling the Council ' s front-line services to function as normal.

"We have comprehensive 24/7 threat monitoring in place and have received specialist advice from the National Cyber Security Centre and other industry experts during our recovery from the attack," a spokesman of the Council told the BBC.

The Council says its major IT systems were restored using earlier back-ups. IT engineers are currently working to restore a small number of other systems that were also affected, but have little on Council ' s external services.

According to the Council, its website has also been rebuilt.

An investigation is currently undergoing to identify threat actors behind the cyber attack - with the National Crime Agency leading the probe.

The BBC Local Democracy Reporting Service believes that no ransom money was paid to hackers by the Council.

Officials say it is still too early to provide an exact figure on the impact of cyber attack as teams are currently "working through the cost" of rebuilding and restoring systems.

Earlier in February, a cyber attack by an unidentified group disrupted service to thousands of residents while also forcing some council officials to use pen and paper to keep the services running.

The Council finally admitted the attack after nearly three weeks, saying that no private information had been compromised in the attack.

It disclosed it has had to rebuild servers and its website as part of its recovery from the attack, as well as creating a temporary call centre.

Independent member Colin Monson described the incident as a "serious disaster".

"I think this history of what has happened over the last couple of days is a clear indication that disaster recovery systems across the authority need a serious review," he said at the time.

In March, it emerged that the Council expelled some members of the public from a meeting where the attack was to be discussed. The move was made on the request of officials at the council who claimed that they could not answer councillors' questions in public because ' sensitive' information would be discussed.