Countering Cyber Threats: Leicester City Council's Stand Against INC Ransom Group
Incident Date:
April 3, 2024
Overview
Title
Countering Cyber Threats: Leicester City Council's Stand Against INC Ransom Group
Victim
Leicester City Council
Attacker
Inc Ransom
Location
First Reported
April 3, 2024
Leicester City Council Suffers Ransomware Attack by INC Ransom Group
Overview
Leicester City Council, a local authority in the United Kingdom, has been targeted by the ransomware group INC Ransom. The attack was claimed on the group's dark web leak site, where they shared residents' passport details. The council's website, Leicester City Council, indicates that they operate in the Government sector.
Ransomware Attacks and Impact
Leicester City Council is a significant organization, serving the local community in Leicester, England. They provide a range of services, including child protection, adult social care safeguarding, and homelessness support. The attack has affected several critical services, causing disruptions and forcing the council to shut down its IT systems as a precaution.
The incident is part of a broader trend of disruptive cyberattacks affecting local authorities, with 67 ransomware attacks recorded in the first three quarters of 2023 compared to 13 during the whole of 2022. The attack on Leicester City Council follows a similar incident at NHS Dumfries and Galloway, which was also claimed by INC Ransom.
It is known that the group operates on a double extortion model, where they steal data before deploying the ransomware locker. This suggests that the council may have been targeted due to its sensitive data, which could have been used for extortion purposes.
The incident is still ongoing, with the council working to recover its systems and restore services. The council has not yet confirmed whether any data was compromised during the attack.
Sources
- Leicester City Council - Homepage
- Cybernews.com - Ransomware cartel claims Leicester City, shares data
- The Record - Leicester UK cyberattack: local council
- TechMarketView - Leicester City Council hit by cyber attack
- BBC News - Leicester: Personal data shared online after cyber-attack - council
- The Register - INC Ransom claims 'cyber incident' at UK city council
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.