It was a Sunday morning in mid-October 2020 when Rob Miller first heard there was a problem. The databases and IT systems at Hackney Council, in East London, were suffering from outages. At the time, the UK was heading into its second deadly wave of the coronavirus pandemic, with millions living under lockdown restrictions and normal life severely disrupted. But for Miller, a strategic director at the public authority, things were about to get much worse. “By lunchtime, it was apparent that it was more than technical stuff,” Miller says.
Two days later, the leaders of Hackney Council—which is one of London’s 32 local authorities and responsible for the lives of more than 250,000 people—revealed it had been hit by a cyberattack. Criminal hackers had deployed ransomware that severely crippled its systems, limiting the council’s ability to look after the people who depend on it. The Pysa ransomware gang later claimed responsibility for the attack and, weeks later, claimed to be publishing data it stole from the council.
Today, more than two years later, Hackney Council is still dealing with the colossal aftermath of the ransomware attack. For around a year, many council services weren’t available. Crucial council systems—including housing benefit payments and social care services—weren’t functioning properly. While its services are now back up and running, parts of the council are still not operating as they were prior to the attack.
A WIRED analysis of dozens of council meetings, minutes, and documents reveals the scale of disruption the ransomware caused to the council and, crucially, the thousands of people it serves...