Leicester City Council has acknowledged that a ransomware gang orchestrated the recent “cyber incident” and stole data, following pressure from the criminals.
The attack began almost a month ago, on March 7. Initially, the council avoided confirming whether ransomware was involved or whether data had been compromised. However, this changed when INC Ransom, which had hinted at its involvement earlier, leaked a cache of documents from council servers.
The gang claimed to have obtained around 3 TB of private information, including residents’ identification documents, bank statements, and official council forms.
Shortly after the leak, Richard Sword, the council’s strategic director, issued a statement confirming the breach and expressing concern for those affected. The council is actively reaching out to individuals impacted by the breach and has informed the relevant authorities, including the Information Commissioner.
While the full extent of data theft remains uncertain, the council is collaborating with cybersecurity agencies and law enforcement to address the situation.
Residents are advised to remain vigilant against potential fraudulent activity related to their accounts, but have been assured that engaging with the council for routine tasks such as paying council tax is safe.
Despite the attack, the council has largely recovered, with most systems and services restored to normal operations. Council-run facilities such as recreation centers and public internet access at libraries are also operational again.
This attack on Leicester City Council is attributed to INC Ransom, which was also behind a recent attack on NHS Dumfries and Galloway in Scotland.
INC Ransom has benefited from the disruption of other ransomware groups caused by law enforcement efforts against LockBit and ALPHV/BlackCat, which were previously major players in the ransomware industry.
According to cybersecurity analyst Dominic Alvieri, three ransomware groups, including INC Ransom, have seen an increase in victims following the disruptions to LockBit and ALPHV. INC Ransom registered 23 new victims in the past month, similar to other beneficiary groups like Medusa and Hunters International.
INC Ransom’s activities highlight the evolving nature of cyber threats and the challenges organizations face in protecting sensitive data. The incident serves as a reminder of the need for enhanced cybersecurity measures and proactive defense against ransomware attacks.