It was a Sunday morning in mid-October 2020 when Rob Miller first learned there was a problem. The databases and IT systems at Hackney Council, in East London, suffered from outages. At the time, the UK was heading into the second deadly wave of the coronavirus pandemic, with millions of people living under lockdown restrictions and normal life being severely disrupted. But for Miller, a government strategic director, things were about to get much worse. “By lunchtime it was clear it was more than technical stuff,” says Miller.
Two days later, the leaders of Hackney Council, one of London’s 32 local authorities and responsible for the lives of more than 250,000 people, revealed that it was affected by a cyber attack. Criminal hackers had deployed ransomware that severely crippled the systems, leaving the municipality unable to care for the people who depended on it. The Pysa ransomware gang later claimed responsibility for the attack and claimed to publish weeks later data it stole from the municipality.
Today, more than two years later, Hackney Council is still dealing with the colossal aftermath of the ransomware attack. For about a year, many municipal services were unavailable. Crucial council systems, including housing benefit payments and social care services, did not function properly. Although services are now operational again, parts of the council are still not operating as they were before the attack.
A WIRED analysis of dozens of council meetings, minutes and documents reveals the magnitude of the disruption the ransomware caused for the council and, crucially, the thousands of people it serves. People’s health, housing situation and finances suffered under the attack of the insidious criminal group. The attack on Hackney is notable not only for its severity, but also for the amount of time it took the organization to recover and help those in need.
Local governments can be seen as complex machines. They are made up of thousands of people performing hundreds of services that touch almost every part of a person’s life. Most of this work goes unnoticed until something goes wrong. For Hackney, the ransomware attack brought the machine to a halt.
Among the hundreds of services Hackney Council provides are social care and childcare, waste collection, benefits to people in need of financial support and public housing. Many of these services are performed using internal technical systems and services. In many ways these can be considered critical infrastructure, making Hackney Council not much different from hospitals or energy suppliers.
“The attacks against public sector organizations such as municipalities, schools or universities are quite powerful,” said Jamie MacColl, a cybersecurity and threat researcher at the RUSI think tank who studies the societal impact of ransomware. “It’s not like the energy grids are going down or a water supply is being disrupted…but they are things that are critical to everyday existence.”
All systems hosted on Hackney’s servers were affected, Miller told councilors at a public meeting assessing the 2022 ransomware attack. Social care, housing benefit, council tax, business rates and housing services were some of the most affected. Databases and records were not accessible – the municipality did not pay a ransom. “Most of our data and our IT systems that created that data were unavailable, which really had a devastating impact on the services we were able to provide, but also the work we do,” Lisa Stidle, the data and insights manager at Hackney Council, said last year in a conversation about the recovery of the municipality.