Ransomware attack disrupts UKRI services and web assets

Ransomware attack disrupts UKRI services and web assets

Backup services giant Exagrid paid $2.6m in ransom to Conti ransomware gang

UK Research and Innovation (UKRI) has confirmed it was recently a target of a ransomware attack that disrupted a couple of services and involved hackers targeting web assets and encrypting data.

In a press release published last week, UKRI said the cyber attack impacted two of its services, namely a UK Research Office (UKRO) portal based in Brussels and an extranet named the BBSRC extranet used by UKRI Councils to support the peer review process for various parts of UKRI.

Founded in April 2018, UKRI is a non-departmental public body of the UK Government that directs research and innovation funding, funded through the science budget of the Department for Business, Energy and Industrial Strategy. The organisation works with Research England and Innovate UK to support research and knowledge exchange at higher education institutions in England.

In its cyber incident notification, UKRI said it reported the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office and is trying to find out if any data was stolen from its systems.

“We are working to securely re-instate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial or other sensitive data. We take incidents of this nature extremely seriously and apologise to all those affected,” it said.

“UKRI councils and a number of cross-cutting schemes use the impacted extranet for some of their peer review activity; as a result the data that has been compromised includes grant applications and review information. Although we do not know at this stage whether the data has been taken, we would encourage anyone with concerns to contact us on JeSHelp@je-s.ukri.org.

“In some instances, for a limited number of UKRI review panel members, the extranet service is used to support the processing of expense claims. We do not yet know whether any financial details have been taken, but we will endeavour to contact panel members to advise on personal protection against possible fraud in this situation,” it added.

Commenting on the ransomware attack targeting UKRI services, Javvad Malik, security awareness advocate at KnowBe4, said we’ve seen an increase in attacks against government departments and local councils over the last year, with many cases of ransomware. In all these cases, the affected parties have only been aware of the incident once ransomware has been deployed and have been unable to confirm if any data was exfiltrated prior to ransomware.

“Ransomware attacks are not going to slow down any time soon, especially since the majority of attacks are successful through social engineering such as phishing attacks. It is therefore imperative that the Government invests not just in cybersecurity controls, but cultivate a culture of cybersecurity.

“This way, not only can it reduce the likelihood of an attack being successful, but ensure the right controls are in place throughout the layers so that it is possible to quickly detect where any data may be exfiltrated or where criminals have accessed corporate resources,” he added.

According to Eoin Keary, CEO and founder of Edgescan, ransomware attacks are mostly possible because of two factors: an unpatched, known vulnerability and an element of social engineering that enables attackers to execute a payload on an internal network.

He added that while vulnerabilities can be controlled with a strong patch management strategy and by improving visibility through regular vulnerability scans, social engineering attacks can only be defended against through regular and realistic security awareness courses.

ALSO READ: Laptops handed out by Department of Education found laced with malware

Copyright Lyonsdown Limited 2021

Top Articles

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Ransomware attacks and the future role of the CISO - teissTalk

On 18 May, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity experts in a wide-ranging discussion that covered government actions, ransomware attacks and the future of…

Communicating a Data Breach: Best Practices

When customers trust you with their personal data, they are expecting it to be protected. This means your response to a data breach is imperative and can make or break…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]