More cyber-attacks coming warns Gloucester City Council leader

A council which had its website knocked out by a cyber-attack was "as well prepared as any other", according to its managing director.

Gloucester City Council's systems and services were crippled for months by a ransomware attack in December 2021

Hackers sent an e-mail, releasing malicious software which made almost every council system inaccessible.

Jon McGinty, the council's managing director, said it is a case of "when not if" other councils are hit.

The breach disrupted housing benefit claims, council tax payments, leisure centre bookings among other things, according to the Local Democracy Reporting Service, external.

Mr McGinty, who now advises other authorities on cyber-attacks, told an Overview and Scrutiny Committee the city council had spent millions on improving cyber defences prior to the attack.

"I don't think anyone can be 100 per cent safe. This council was not careless or unprepared for the attack," he said.

"It was as well prepared as any other council I know of, and I spend a lot of time talking cyber to a lot of councils."

In December 2021, the council's networks and servers were encrypted with ransomware, a specialised software that scrambles information stored on a computer and asks for payment to unscramble it.

Investigators were able to determine the attack came from a specially-crafted e-mail designed to look like part of an ongoing conversation with one of the council's suppliers.

The authority had to rebuild all of its services and was commended for finding creative solutions to continue to serve the public.

But the Information Commissioner's Office (ICO) found the council did not have a central logging system, to help detect the attack and prevent it from spreading.

The data watchdog has asked the council to perform a full review of its backup and disaster recovery measures.

Follow BBC West on Facebook, external, X, external and Instagram, external. Send your story ideas to: bristol@bbc.co.uk , external