A local authority in the UK hit by suspected Russian actors has set aside £380,000 ($514,000) to remediate and recover from the incident, according to reports.
Gloucester City Council discovered the breach back in December and warned at the time that it could take up to six months to fix as servers would need rebuilding.
However, even the six-figure sum reserved to handle the fall-out of the incident may not be enough, councillors have admitted.
One Conservative councillor reportedly claimed that as the recovery continues, and full cost implications are understood, “sources of funding will then need to be identified.”
Referring to other cyber-incidents impacting local government bodies in the UK, Liberal Democrat councillor Declan Wilson had asked a cabinet meeting whether £380,000 would be enough.
“Are you confident this reserve is sufficient, and the city council is not being exposed to the risk of having to deal with costs it can’t afford?” he said, according to the BBC-funded Local Democracy Reporting Service.
Earlier this year it emerged that an October 2020 ransomware attack on Hackney Council in London could end up costing the authority as much as £10m as it rebuilds IT systems.
Another 2020 incident, impacting the north-east’s Redcar & Cleveland Borough Council, was purported to cost around the same, including £2.4m needed for infrastructure and system recovery or replacement, and unspecified losses due to lower council tax and business collection rates.
The Gloucester attack has been blamed on Russian attackers. Following a phishing email, “sleeper” malware was reportedly activated, although the end goal is still unclear.
Housing benefit, council tax support, test and trace support payments, discretionary housing payments and other online services were disrupted as a result.
In 2017, the UK’s data protection watchdog fined the council £100,000 after its failure to patch the notorious Heartbleed vulnerability three years previously enabled hackers to access council email inboxes.
There, they downloaded 30,000 emails containing sensitive personal and financial information.