Countering Cyber Threats: Leicester City Council's Stand Against INC Ransom Group

Incident Date:

April 3, 2024

World map



Countering Cyber Threats: Leicester City Council's Stand Against INC Ransom Group


Leicester City Council


Inc Ransom


Leicester, United Kingdom

, United Kingdom

First Reported

April 3, 2024

Leicester City Council Suffers Ransomware Attack by INC Ransom Group


Leicester City Council, a local authority in the United Kingdom, has been targeted by the ransomware group INC Ransom. The attack was claimed on the group's dark web leak site, where they shared residents' passport details. The council's website, Leicester City Council, indicates that they operate in the Government sector.

Ransomware Attacks and Impact

Leicester City Council is a significant organization, serving the local community in Leicester, England. They provide a range of services, including child protection, adult social care safeguarding, and homelessness support. The attack has affected several critical services, causing disruptions and forcing the council to shut down its IT systems as a precaution.

The incident is part of a broader trend of disruptive cyberattacks affecting local authorities, with 67 ransomware attacks recorded in the first three quarters of 2023 compared to 13 during the whole of 2022. The attack on Leicester City Council follows a similar incident at NHS Dumfries and Galloway, which was also claimed by INC Ransom.

It is known that the group operates on a double extortion model, where they steal data before deploying the ransomware locker. This suggests that the council may have been targeted due to its sensitive data, which could have been used for extortion purposes.

The incident is still ongoing, with the council working to recover its systems and restore services. The council has not yet confirmed whether any data was compromised during the attack.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.