Eurofins Scientific, the premier forensic testing provider, had to pay ransom to malicious actors to regain access to internal IT systems that were hijacked by unknown hackers following a major ransomware attack.
On June 5th, Eurofins Scientific announced that its IT systems located in several countries were impacted by a massive ransomware attack that forced its IT teams to turn many systems and servers offline to limit the spread of the ransomware infection. The company instantly alerted authorities about the cyber incident and took steps to mitigate its impact.
Later that month, Eurofins announced that the vast majority of affected laboratories’ operations had been restored, that all IT systems were up and running and that only a few back offices and software development systems were undergoing restoration.
"Forensics investigations are ongoing but we have identified the variant of the malware used and it is now being recognised and when detected neutralized by our IT security solutions as updated with the versions released on Sunday June 2nd and thereafter.
"The investigations conducted so far by our internal and external IT forensics experts have not found evidence of any unauthorised theft or transfer of confidential client data. The security of our client data and of all our IT systems is of the utmost importance to Eurofins," Eurofins said.
Did Eurofins pay ransom to cyber criminals?
According to several news reports, Eurofins regained access to its IT systems after the company decided to pay an undisclosed ransom amount to unnamed hackers in order to regain access to its IT systems and to resume operations in multiple countries.
The ransomware attack had a crippling impact on Eurofins' business as police forces across the UK stopped sharing data with the company after the ransomware attack was announced. The company reportedly processes over 70,000 criminal cases every year.
According to BBC, the ransom amount could have been paid any time between June 10th and June 24th when the company regained access to most of its IT systems except for a few back offices and software development systems.
Even though Eurofins has recovered following the cyber incident, police forces across the UK have still not resumed data sharing with the firm but the National Police Chiefs' Council (NPCC) has claimed that "excellent progress" had been made so far in dealing with the fallout of the ransomware attack.
Eurofins has also not shared any updates about the cyber incident since 24th June and has refused to comment on whether it paid ransom to hackers to minimise the fallout of the cyber attack. The Luxembourg Data Protection Authority is leading an investigation into the data security incident and is receiving help from data protection authorities in countries where Eurofins had a presence and where its IT systems were taken over by hackers.
In the UK, the National Crime Agency is leading criminal investigations into the ransomware attack on Eurofins that disrupted operations and caused severe downtime at laboratories located in several countries.
"The National Crime Agency is leading the criminal investigation into a recent cyber incident that has affected Eurofins Scientific. Specialist cyber-crime officers from the NCA are working with partners from the National Cyber Security Centre and the National Police Chief’s Council to mitigate the risks and assess the nature of this incident," said Rob Jones, Director of threat leadership at the NCA.
"We are securing evidence and forensically analysing infected computers, but due to the quantity of data involved and the complexity of these kinds of enquiries, this is an investigation which will take time, therefore we cannot comment further at this time," he added.