Fears that Britain’s councils could be an easy target for ransomware have grown after Redcar and Cleveland Borough Council was attacked last week.

The online public services of more than 135,000 residents have been down for more than a week as the council battles with the cyber breach.

Officials from the National Cyber Security Centre have been on site since the attack took place on Saturday, February 8.

Neither the NCSC or the council have stated that a ransom demand has been made, however experts have suggested the stoppage in services was likely due to such an attack.

Eset cyber security specialist Jake Moore said the council was not the first to be struck with ransomware.

“It’s extremely interesting that other councils haven’t taken these previous attacks as a lesson to be learned,” he said.

“It’s crazy to me we’re seeing these kinds of attacks, I think it’s more than a financial thing for councils. I think they need help to understand these things are real and are not going away.”

Ransomware attacks usually involve an organisation’s systems being disrupted until a sum is paid.

Mr Moore, who previously headed up digital forensics at Dorset Police, said that private companies may be secretly paying off ransoms but that councils must announced if they’ve chosen to pay.

“When councils aren’t back up and running within a few days then there is a serious problem with how they have their systems set up,” he said.

“Councils are maybe not understanding the risks in the same way the private sector does. All councils are different, they set up differently. But usually the finding is the same, which is low. This isn’t the first council breach and it won’t be the last.”

Mr Moore said it was very difficult to stop a “human error” and that in many cases users could click through warnings of spyware or ransomware and continue to install the nefarious technology.

A spokesman for the NCSC confirmed the attack but insisted it was an “isolated incident” and that it was working with partners to understand its impact. It did not clarify whether the attack constituted ransomware.

The council said that it did not have an “exact timescale” as to when the site would be live again but that its teams were working hard to address the matter.

The council has been reduced to operating on a pen and paper basis and its staff is fielding calls from citizens on various hotlines.

It is understood that authorities working on the attack are concerned at the prospect of caving to the demands as it may send out a positive message to other would-be attackers.