Glasgow City Council, one of the largest local governing authorities in Scotland, has officially confirmed that it has fallen victim to a ransomware attack that has crippled its IT systems for over a week. According to council officials, several essential services have been significantly disrupted as a result of the cyber incident.
Among the services most affected are payment and processing of penalties (including parking fines), school attendance reporting systems, planning application submissions, and various citizen registration services. While the council is continuing to offer limited support via telephone, digital operations remain severely impacted.
Notably, services that are interconnected or rely on shared infrastructure—such as parking penalty payment systems used by North Lanarkshire Council—are also experiencing outages, indicating the broad scope of the attack.
Authorities suspect that this could be more than just a typical ransomware case. The possibility of a double extortion attack is being actively investigated. In such scenarios, attackers not only encrypt critical data, demanding a ransom for decryption keys, but also exfiltrate sensitive information. If the victim refuses to pay, this data is often leaked or sold on the dark web, adding pressure on the target and compounding the potential damage.
There is growing concern that the attackers may attempt to use the stolen data to directly contact individuals, spreading misinformation, engaging in identity theft, or even coercing victims into criminal activities such as money laundering. There is also a significant risk that victims could be tricked into handing over cryptocurrency through social engineering tactics.
The Scottish Cyber Coordination Centre (SC3), in collaboration with the UK’s National Cyber Security Centre (NCSC), is actively investigating the incident. The attack is believed to have occurred on June 19, 2025, targeting the council’s internal infrastructure. Cybersecurity experts are now working to assess the full scope of the breach, restore critical services, and identify those responsible.
In the meantime, citizens are advised to remain vigilant. Anyone contacted by unknown sources claiming to be affiliated with the council or requesting sensitive information should report the communication to local authorities immediately.
Join our LinkedIn group Information Security Community!
