A small number of services at the UK government body for Research and Innovation (UKRI) are offline and unavailable while investigating a ransomware attack on their systems that took place on January 28, 2021.
The non-departmental organization backed by the Department for Business, Energy and Industrial Strategy, which has a responsibility to support research and knowledge sharing in higher education institutions, as well as the innovation agency Innovate UK, said the cyber attack it had resulted in encryption. data from a third party and was affecting several of your web assets.
As a result, it has been forced to disconnect the portal from its Brussels-based UK Research Office (UKRO), which provides an information service to some 13,000 subscribers, but does not contain sensitive personal data, and an extranet used by his various tips. to support the UKRI multi-part peer review process.
Some of the data compromised in this case is understood to include grant applications and review information, as well as expense claims. All other systems work normally.
“At this stage, we are unable to confirm whether any of that data was extracted from our systems while investigations continue,” UKRI said in a statement. “We take incidents of this nature very seriously and apologize to all those affected.
“We are working to safely restore the affected services, as well as to perform forensic analysis to determine if any data was taken, including the possible loss of personal, financial or other data.
“We are working to restore all affected services as soon as possible and provide alternative support to minimize any disruption to the UKRO portal user and peer review process. We will provide further updates in due course. “
UKRI has reported the incident to the National Crime Agency, the National Cyber Security Center and the Information Commissioner’s Office.
At this stage of the investigation, there is no clear indication of what type of ransomware is involved in the UKRI incident, or the nature of the extortion demands received by the organization.
Niamh Muldoon, OneLogin Global Data Protection Officer, commented: “Ransomware will continue to be a global cybersecurity threat through 2021 and the associated risk of this threat materializing will be more prevalent for certain industries and, in particular, for Government agencies.
“Cybercrime is a business, so everyone should think of it the same way. Of all the various types of cyber criminal activities, ransomware is the only activity that has a high direct return on investment associated with it, as it forces victims to ask for a ransom for a financial payment. Considering the global economic environment and current market conditions, cybercriminals will of course continue to focus their efforts on this revenue-generating stream. “
Muldoon said that cybercriminal groups, including individuals, were likely to increasingly band together to try to maximize the return on investment from their attacks, targeting high-net-worth individuals and large companies.
“The key message here is that no person or industry is exempt from the threat of ransomware and requires constant focus, assessment and review to ensure that you and your critical information assets remain safeguarded and protected against it,” he said.