News & Views

Leicester City Council under attack

With Leicester City Council revealing that approximately 25 confidential documents, including rent statements, passport information and applications to buy council housing, are online following a cyber-attack*, we ask Dirk Schrader, Field CISO and Vice President of security research at Netwrix, about the type of best practices organizations can adopt in order to avoid similar cyberattacks.

“The culprits of this attack are the infamous ransomware gang, INC Ransom, who are notoriously known for targeting government and healthcare organizations.  The INC Ransom group has published a limited number of documents to gain attention, solidify the reputation of a dangerous adversary, and create further anxiety.  They will likely leverage the exfiltrated data in future attacks, including impersonation or scams, to extract money.”

“Other public entities should stay vigilant and make sure to get prepared accordingly.  Typically, there are three stages in the attack.  First, bad actors gain access to some part of the IT infrastructure to have ‘a foot in the door’.  Next, they infiltrate deeper, expanding their control over a victim's digital assets.  Finally, they impair the operations and extract sensitive data.”

“With this in mind, the first step towards ransomware protection will be to adapt digital assets to the known cyber risks.  The most likely scenarios include account takeover by phishing campaigns, brute force password cracking, and exploiting vulnerable configurations, to name a few.  Implementing the least privilege approach and system hardening will help to mitigate these risks.”

“Second, it is crucial to anticipate new risks where threat actors change their tactics, techniques, and procedures.  Switching to modern security solutions and updating them in a timely manner significantly reduces the number of vulnerabilities that adversaries can exploit.”

“Finally, it is crucial to ensure that an organization is capable of functioning while being under attack and can recover from it.  Organizations should take regular care of their backups and exercise restoration processes to make sure everything runs smoothly when the time comes.”

More information about the attack can be found at
