UK Research and Innovation (UKRI) has confirmed it was recently a target of a ransomware attack that disrupted a couple of services and involved hackers targeting web assets and encrypting data.
In a press release published last week, UKRI said the cyber attack impacted two of its services, namely a UK Research Office (UKRO) portal based in Brussels and an extranet named the BBSRC extranet used by UKRI Councils to support the peer review process for various parts of UKRI.
Founded in April 2018, UKRI is a non-departmental public body of the UK Government that directs research and innovation funding, funded through the science budget of the Department for Business, Energy and Industrial Strategy. The organisation works with Research England and Innovate UK to support research and knowledge exchange at higher education institutions in England.
In its cyber incident notification, UKRI said it reported the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office and is trying to find out if any data was stolen from its systems.
"We are working to securely re-instate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial or other sensitive data. We take incidents of this nature extremely seriously and apologise to all those affected," it said.
“UKRI councils and a number of cross-cutting schemes use the impacted extranet for some of their peer review activity; as a result the data that has been compromised includes grant applications and review information. Although we do not know at this stage whether the data has been taken, we would encourage anyone with concerns to contact us on JeSHelp@je-s.ukri.org.
"In some instances, for a limited number of UKRI review panel members, the extranet service is used to support the processing of expense claims. We do not yet know whether any financial details have been taken, but we will endeavour to contact panel members to advise on personal protection against possible fraud in this situation,” it added.
Commenting on the ransomware attack targeting UKRI services, Javvad Malik, security awareness advocate at KnowBe4, said we’ve seen an increase in attacks against government departments and local councils over the last year, with many cases of ransomware. In all these cases, the affected parties have only been aware of the incident once ransomware has been deployed and have been unable to confirm if any data was exfiltrated prior to ransomware.
"Ransomware attacks are not going to slow down any time soon, especially since the majority of attacks are successful through social engineering such as phishing attacks. It is therefore imperative that the Government invests not just in cybersecurity controls, but cultivate a culture of cybersecurity.
"This way, not only can it reduce the likelihood of an attack being successful, but ensure the right controls are in place throughout the layers so that it is possible to quickly detect where any data may be exfiltrated or where criminals have accessed corporate resources," he added.
According to Eoin Keary, CEO and founder of Edgescan, ransomware attacks are mostly possible because of two factors: an unpatched, known vulnerability and an element of social engineering that enables attackers to execute a payload on an internal network.
He added that while vulnerabilities can be controlled with a strong patch management strategy and by improving visibility through regular vulnerability scans, social engineering attacks can only be defended against through regular and realistic security awareness courses.