It was a Sunday morning in mid-October 2020 when Rob Miller first heard there was a problem. The databases and IT systems at Hackney Council, in East London, were suffering from outages. At the time, the UK was heading into its second deadly wave of the coronavirus pandemic, with millions living under lockdown restrictions and normal life severely disrupted. But for Miller, a strategic director at the public authority, things were about to get much worse. “By lunchtime, it was apparent that it was more than technical stuff,” Miller says.
Two days later, the leaders of Hackney Council—which is one of London’s 32 local authorities and responsible for the lives of more than 250,000 people—revealed it had been hit by a cyberattack
Today, more than two years later, Hackney Council is still dealing with the colossal aftermath of the ransomware attack. For around a year, many council services weren’t available. Crucial council systems—including housing benefit payments and social care services—weren’t functioning properly. While its services are now back up and running, parts of the council are still not operating as they were prior to the attack.
A WIRED analysis of dozens of council meetings, minutes, and documents reveals the scale of disruption the ransomware caused to the council and, crucially, the thousands of people it serves. People’s health, housing situations, and finances suffered as a result of the insidious criminal group’s attack. The attack against Hackney stands out not just because of its severity, but also the amount of time it has taken for the organization to recover and help people in need.
You can think of local governments as complex machines. They’re made up of thousands of people running hundreds of services that touch almost every part of a person’s life. Most of this work goes unnoticed until something goes wrong. For Hackney, the ransomware attack ground the machine to a halt.
Among the hundreds of services Hackney Council provides are social and children’s care, waste collection, benefits payments to people in need of financial support, and public housing. Many of these services are run using in-house technical systems and services. In many ways, these can be considered critical infrastructure, making the Hackney Council not dissimilar to hospitals or energy providers.
“The attacks against public sector organizations, like local councils, schools, or universities, are quite powerful,” says Jamie MacColl, a cybersecurity and threat researcher at the RUSI think tank who is researching the societal impact of ransomware. “It’s not like the energy grids going down or like a water supply being disrupted … but it’s things that are crucial to the day-to-day existence.”