The council networks of the Merseyside town of St. Helens has been targeted with a ransomware attack.
The attack began on Monday the 21st August and is still causing issues for the council and its ability to operate some services.
“We are currently dealing with a suspected Ransomware incident on the councils IT systems and networks.
The attack was first identified on Monday, August 21 and we immediately alerted our external cyber security contractor to investigate this issue further.
We have now put in place a number of security measures to keep our IT networks running safely.
We are continuing to provide council services via our website.
Some internal systems to the council are currently being affected due to the actions we have put in place to prevent any further impact, and whilst a full investigation is undertaken.
While we work through this ongoing situation we would recommend that residents are mindful of how to keep themselves safe online and be alert to any communications they may have received from the council.”
St Helens council cyber attack statement
The council website currently displays a message about the ongoing incident with links to online safety advice for concerned residents.
Compromised data?
At this point in time, the council has not released any detail regarding whether any resident data was stolen before the ransomware was deployed, although they have released specific advise about phishing attacks which suggests that personal data may have been compromised.
The phishing advice states:
“We are urging residents to watch out for online scams and have some helpful tips for what to do if you have been contacted by a scammer.
You might receive an email, claiming to be from your bank informing you that a new direct debit has been set up. The email will look real, and will include links to click on to confirm your details.
This email is a fake email known as phishing. Criminals use fake messages to get you to click on links in order to get sensitive information such as your bank details.
You should always question unsolicited calls, texts or emails requesting your personal or financial information (name, address, bank details, email or phone number).
Instead, contact the company directly using a known email or phone number.”