Redcar cyber-attack: Council using pen and paper

RedcarImage copyright
Getty Images

More than 135,000 UK residents have been without online public services for nearly a week, as their council struggles with a cyber-attack.

Redcar and Cleveland Borough Council’s website and all computers at the authority were attacked on Saturday.

One cyber-security expert told the BBC the incident had all the hallmarks of a ransomware attack, in which files are scrambled until a ransom is paid.

But the council refused to confirm the nature of the hack.

Online appointment bookings, planning documents, social care advice and council housing complaints systems are just some of the services knocked offline.

The National Crime Agency said it was supporting the council.

A team of experts from the UK’s National Cyber Security Centre (NCSC) has been on site since the cyber-attack, which took place at 11am on Saturday.

The NCSC said: “We are aware of a cyber-incident affecting Redcar and Cleveland Borough Council.

“This is an isolated incident and we are supporting the organisation and working with partners to understand its impact.”

The leader of the council, Councillor Mary Lanigan, told the BBC: “Computers have been taken offline and systems are being rebuilt.

“We have a massive team here – including cyber-security experts – working around the clock flat out to get it fixed.

“They have to go through [IT systems] bit by bit to make sure everything is clean. A lot of our staff are not able to work without computers but they are coping quite well here. The main problem is that we have no email systems. so we have extra phone lines for residents.”

The website for council tax payments is still open and the council says frontline services are continuing, with staff using pen and paper.

The council says it is updating taxpayers using Facebook and Twitter.

Its latest update said: “We are still experiencing issues with our IT systems, which means we are working with a reduced capacity. We are able to receive and answer limited calls and emails and we will be prioritising urgent messages. There may be a slight delay in dealing with non-urgent calls and messages, and the council’s website is currently down.”

Local resident Claire Louise Corless complained on Facebook: “Should have really sent a letter out or emailed people, not everyone has Facebook to find out. I’m still waiting for my registration to be done online for weeks now. You would soon come after me if I didn’t pay my bill!”


The council and the NCA declined to say whether hackers were holding the council to ransom with a so-called ransomware attack.

Ransomware attacks are one of the most prolific and costly forms of cyber-attack, in which hackers take control of an organisation’s computer system and scramble their information until a ransom is paid.

Media captionTechnology explained: what is ransomware?

Currency exchange company Travelex is still dealing with the consequences of a ransomware attack, which took its online services offline for weeks.

The council said its current assessment indicated no sensitive personal data had been stolen.

It would not say whether or not data had been encrypted by hackers, or whether negotiations were taking place with cyber-criminals.

Security researcher Kevin Beaumont said: “It seems almost certain they have suffered a severe ransomware incident.

“The serious nature of the attack and the impact it has had should raise eyebrows with UK authorities about the need to put more resources into tackling cyber-crime groups.”

He added: “They are being open about the cyber-attack occurring, which is welcome, although it is a shame nothing is mentioned on their websites to reassure the public.

“If they plan not to pay the ransom it would be good to publicly state this, to discourage attacks on councils.”