Redcar and Cleveland Council Ransomware Attack 2020: £11M Recovery Cost
In February 2020, Redcar and Cleveland Borough Council was struck by ransomware — one of the first major ransomware attacks on a UK local authority in what would become a wave of incidents. The council's systems were crippled for weeks, residents could not access online services, and staff resorted to pen and paper. The recovery cost was estimated at £11 million — making it one of the most expensive cyber incidents in UK local government history.
Redcar and Cleveland Council's 2020 ransomware attack cost an estimated £11 million to recover from — equivalent to a significant proportion of the council's annual IT budget.
What Happened at Redcar and Cleveland
The ransomware attack on Redcar and Cleveland struck in February 2020. The council's network was compromised, and ransomware was deployed that disabled a wide range of council systems. Online services went offline. Council staff were unable to access their computers and resorted to manual working. The council declared a major incident and called in the NCSC for support.
The £11M Recovery Cost
The estimated £11 million recovery cost encompasses multiple components: emergency IT support and forensic investigation, system rebuild and data recovery, temporary manual processing arrangements, staff overtime and additional resourcing, replacement hardware and software, and the long-term investment required to improve security posture following the incident. The figure illustrates why ransomware prevention is dramatically more cost-effective than remediation.
Impact on Residents and Services
Residents of Redcar and Cleveland experienced significant service disruption: online benefit applications were unavailable, planning portal access was disrupted, and council staff communication was severely degraded. The council had to maintain services through manual processes while rebuilding its IT systems — a significant operational burden on already-stretched council staff.
Lessons from Redcar
The Redcar attack, like the attack on Hackney, demonstrates the disproportionate cost of ransomware recovery versus prevention. Key lessons include: invest in immutable backups before an incident, not after; test recovery procedures regularly; implement endpoint detection and response (EDR) to detect attacks before encryption; and have a tested incident response plan that includes manual working procedures for essential services.
Frequently Asked Questions
Did Redcar and Cleveland Council pay the ransom?
Redcar and Cleveland Council did not pay the ransom demand. The council worked with the NCSC and technical support to recover its systems from available backups and rebuild where necessary — at an estimated total cost of £11 million.
How did the government respond to the Redcar attack?
The NCSC provided technical support to Redcar and Cleveland during the incident. The attack — along with subsequent council ransomware incidents — contributed to increased NCSC engagement with local government on cyber resilience, and informed the development of public sector-specific cyber guidance.