A coordinated ransomware attack has disrupted IT systems for at least eight local councils in London, causing significant disruptions to public services.

Continue reading
A significant, coordinated cyberattack has targeted the shared IT infrastructure of at least eight London boroughs, severely degrading public services. The incident is identified as a ransomware campaign, impacting systems managed under a common provider model. National cybersecurity authorities are engaged in a critical response operation.
The attack vector follows a classic ransomware payload deployment, but its impact is magnified due to the centralized infrastructure model.
| Impact Area | Technical Manifestation | Service-Level Consequence |
|---|---|---|
| Core Infrastructure | Widespread encryption of data assets across shared servers and databases. | Systemic outage of primary business applications and citizen portals. |
| Communication Channels | Email server clusters and VoIP systems taken offline as a containment measure. | Severely hampered internal coordination and public communication. |
| Citizen Services | Housing repair platforms, benefits processing systems (Housing Benefit, Council Tax Support), and planning application portals rendered inoperative. | Halting of critical financial support services and statutory functions. |
| Data Exfiltration | UNCONFIRMED. Standard investigative procedure is to assess for Indicators of Compromise (IoCs) related to data theft, a common double-extortion tactic. | Potential for significant data breach, elevating risk beyond operational disruption to long-term privacy concerns. |
The threat actors exploited the single points of failure inherent in the shared-services model provided by London Councils.
The response has been escalated to the national level, indicating the severity of the incident.
This incident transcends a typical IT outage; it is a systemic failure of a critical public service platform. The restoration of services is the immediate priority. Still, the long-term consequences will involve a mandatory, thorough post-incident review of shared service security architectures, data governance policies, and incident response playbooks across the entire UK public sector.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation