A time for vigilance as ransomware threat still looms

Among the many recently identified threat vectors that should concern local government is a malware threat group known as APT12, which has been attributed to China, warns chief executive of the iESE Dr Andrew Larner.

Recent information published by the MITRE ATT&CK knowledge base illustrates that there are increasing threats targeted specifically at government (central and local) from Nation States and organised criminal groups, designed to cause ‘local disruption’ and access ‘sensitive data’.

Among the many recently identified threat vectors that should concern local government is a threat group known as APT12, which has been attributed to China. The group has targeted a variety of victims, including media outlets, high-tech companies, and multiple Governments and governmental organisations. They have expertly exploited multiple vulnerabilities for execution, which is particularly concerning at this moment in time with workers operating remotely. There is a fear that malicious code may be ‘injected’ into remote workers' machines and remain inactive until that device is reconnected to the central network.

The techniques above are often used to effect ransomware attacks on organisations. A particularly worrying development is the move from requesting a set ransom from the specific council to putting a sample of its data up on auction sites to raise the ransom value to a higher level, selling to the highest bidder. Not only would you be unable to perform your critical functions, but the whole world would immediately know about it and be able to see a sample of stolen data!

In early June, the University of California San Francisco was attacked by the notorious NetWalker ransomware; medical research files were encrypted, and a demand was made for a $3m Bitcoin payment. BBC News was anonymously tipped off about the ransom and was able to follow the demands and negotiations in near real-time. The University ended up negotiating a settlement of $1.14m to stop the data being sold on the dark web.

It is impossible for any anti-virus, EDR or firewall solution to continuously update and expand its signatures to stop all these attacks, many of which have not been seen before. However, there is now a unique and patented zero-day, zero-trust technology. Unlike other malware protection, this technology is capable of defence on day zero, when the virus is first released, as it does not need to know or have previously seen the signature of the attack. And zero-trust means that it monitors everything and trusts nothing.

We are currently testing this new technology with local authorities. If you are interested in being a trial site, please contact annabelle.spencer@iese.org.uk.

Dr Andrew Larner is chief executive of the Improvement & Efficiency Social Enterprise (iESE), which supports public sector transformation.

For more information visit www.iese.org.uk
