back to article UK council won't say whether two-week 'cyber incident' impacted resident data

Leicester City Council continues to battle a suspected ransomware attack while keeping schtum about the key details. Progress updates posted to its website are still referring to the widespread outage as a "cyber incident," failing to even confirm whether data has been compromised or whether ransomware is involved, which some …

  1. Doctor Syntax Silver badge

    If they're saying nothing things must be really so bad that they've even lost the scripts to "Your security is important to us, only a small number of people etc".

  2. Flak

    Ah, trust...

    So hard to gain, so easy to lose:

    "[the council's] website is still safe to use, and that they [users] may trust emails coming from council sources, including any attachments that come with them."

    Right...

  3. JimC

    Pilots have an axiom for emergencies:

    Aviate, Navigate, Communicate.

    Where do you suppose talking to the press comes on that list?

    1. Anonymous Coward
      Anonymous Coward

      Re: Pilots have an axiom for emergencies:

      That'll be in the communicate section, comes after the first two. I suspect they're struggling to fly the plane, and won't pull the recovery chute as that removes all other options

      Navigating a "cyber incident" (let's be honest, it's proably ransomware and they're probably fucked) is hard, I know, I've done it.

      I suspect those on the ground haven't told those at the top how fucked they are yet...

      1. Doctor Syntax Silver badge

        Re: Pilots have an axiom for emergencies:

        "I suspect those on the ground haven't told those at the top how fucked they are yet."

        They must have tried. But there's none so deaf as those who won't listen.

      2. Anonymous Coward
        Anonymous Coward

        Re: Pilots have an axiom for emergencies:

        I've done a full - take half the servers in the company down - Ransomware attack.

        Now my company doesn't have the finest IT dept on the planet but there's nothing like a crisis to bring everyone together. Had our core back within 3 days and the long tail of random shizzle back within 2 weeks.

        Helped by paying the ransom - which I'd tend to advise unless your running active-active or hot backups and have some way of firewalling the secondary/backup from the ransomware.

        Thing about ransomware its clever and insidious and can be running for a significant period of time encrypting random files until it hits a critical one. So your backups get "corrupted" to.

        As does your OS.

        So you are looking at server wiping, Data Loss and probably manual recovery -- if you are lucky. Much cleaner to decrypt in place with the key - if the ransom folks are remotely trustworthy. And they generally are on this. Because they want to get paid every time.

        We were able to crash push Jenkins + a Ransomware killer + a decrypter out to every machine in the estate and essentially run massively parallel decryption. Hardest bit was getting Jenkins on the 10% of awkward servers who refused the push or were too full of encrypted files to receive anything.

    2. Gordon 10 Silver badge
      FAIL

      BZZZTTT FAIL

      BOFH Cattle prod of doom for you.

      IT Estate is not a plane.

      ITIL (or any other framework worth its name) has an Incident Management process that includes a role for Incident Comms, that should cover all your user stakeholders including the general public .... and for which the press is a valid comms channel.

      Your ERP goes down and you're not giving the CFO hourly updates on the expected recovery time and process - your IT dept is a clown car.

      Its been 20 years since I've done IM. This is basic stuff.

      1. Doctor Syntax Silver badge

        Re: BZZZTTT FAIL

        "Your ERP goes down and you're not giving the CFO hourly updates on the expected recovery time and process - your IT dept is a clown car."

        The best responses here are along the lines of "It'll be back when it's back. Now get off my back." or "Do you want me to fix it or stay here talking to you about fixing it?"

        As to the OP's comment he is actually saying the same thing as you and making the point that what both of you are recommending isn't being done in this case.

        1. Gordon 10 Silver badge
          FAIL

          Re: BZZZTTT FAIL

          "As to the OP's comment he is actually saying the same thing"

          No he's not. He's suggesting a serial process because you can only ever have 2 pilots.

          Incident Management is parallel process.

          PLAN

          FIX

          COMMUNICATE

          1. Anonymous Coward
            Anonymous Coward

            Re: BZZZTTT FAIL

            you can only ever have 2 pilots.

            Wrong. There used to be three pilots in an airliner cockpit! "Flight Engineer" used to be a cockpit job, with said engineer being a fully-trained pilot. When things are falling apart, I want as many trained human minds in the cockpit working on the problem(s) as possible.

            Airlines bribed/pressured the world's civil aviation authorities to allow them to put just two pilots in the cockpit (because that costs them less money), saying some booshwah as, "Electronic Cockpit ... automations reduce pilot workload ... thick brown envelope for you here ... also photos of you with your secretary on the Riviera ... stunning profile, ought to be in the Sun ... your wife surely is the understanding type ... middle-aged fling ... blockchain ... crypto ... AI ... (insert more buzzwords here, relevant-or-not).

    3. Ian Johnston Silver badge

      Re: Pilots have an axiom for emergencies:

      There are only one or two pilots, hence the rule. There's an entire bloody council which could be communicating. Though to be fair, maybe they are trying to and can't.

    4. anonymous boring coward Silver badge

      Re: Pilots have an axiom for emergencies:

      Pilots are on or two on the job. And they risk falling out of the sky,

      Not comparable to a council.

  4. ffRewind

    "...residents can still pay fixed penalty notices, which are issued for low-level crimes such as littering and not paying for car parking."

    Great news as this sounds like the perfect time to be handing over credit card information.

    1. Graham Cobb

      I'd be less worried about that (credit card data gets stolen all the time - I presume the CC companies are used to dealing with it) than that the payment you've just made disappears when someone finds a more recent backup tape to load during the process of trying to restore services.

    2. Handlebars

      You probably put your card details into a separate page run by the payment processor. That's how it works where I live.

      1. anonymous boring coward Silver badge

        You have to trust you are actually looking at the payment processor then, and not a fake mock-up.

        See the problem here?

        1. anonymous boring coward Silver badge

          If you downvote that, you apparently don't understand the problem?

          In that case you are a prime target for scammers.

  5. b1k3rdude

    Whats am I missing here?

    Arent companies (and councils) legally required to disclose cyber attacks and the details of the attack..? Failure to do do result in hefty fines..?

    1. IGotOut Silver badge

      Re: Whats am I missing here?

      To the relevant authorities, not Joe Public

  6. Tron Silver badge

    Transparency is a fundamental part of honest, well run government.

    So don't expect it in the UK, nationally or locally.

  7. Anonymous Coward
    Anonymous Coward

    Nothing to see here

    …yet…

  8. anonymous boring coward Silver badge

    "they may trust emails coming from council sources, including any attachments that come with them"

    You don't trust attachments. Ever.

    If it wants to run something, it's a stone cold NO.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like