Government innovation institute suspends two services following suspected ransomware attack

UK Research and Innovation (UKRI) disclosed last week that it has been hit with a cyber attack that resulted in some of its data being encrypted by a third party.

The organisation did not provide detailed information about the attack, but said that it was taking appropriate measures to restore affected services as soon as possible.

UKRI is a non-departmental public body of the UK government. It was established in April 2018 and is sponsored by the Department for Business, Energy and Industrial Strategy (BEIS). The organisation operates across the country and is tasked with investing in science and research.

UKRI said that many of its web assets have been adversely impacted following the security incident. They include a portal of the UK Research Office (UKRO) the BBSRC extranet.

The UKRO portal impacted is based in Brussels and offers information service to subscribers.

The BBSRC extranet is used by the UK councils for peer-review activity. UKRI said that the extranet does not contain any sensitive personal data.

Both services have been suspended following the attack.

“No other UKRI systems are impacted and the important work of UKRI is continuing,” UKRI said in an online statement.

Cyber security experts are currently investigating the incident. UKRI has also notified appropriate agencies, including the National Crime Agency, the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO), about the incident.

UKRI said that it cannot confirm at this point whether data was extracted from its systems, but it noted that the attackers were able to compromise  data related to grant applications and review information from the extranet service.

If it is found that users’ personal data was compromised, such individuals would be immediately contacted, UKRI said.

While UKRI did not reveal any information about the nature of the security incident, experts believe that it could be a ransomware attack again the organisation.

Last year a survey by CrowdStrike revealed that UK businesses are paying more ransom to cybercriminals than their peers in other parts of the world.

The study found that 39 per cent of UK organisations have suffered a ransomware attack in the last 12 month, and they paid approximately £940,000 ($1.2 million) ransom on average – higher than the global average of $1.1 million.

The study also revealed that the average time for UK organisations to identify an intruder also increased from 39 hours in 2019 to 61 hours in 2020, providing attackers a much larger window in which to access confidential information.

Last month, the Scottish Environmental Protection Agency (SEPA) disclosed that it was responding to an ongoing ransomware attack that was identified on Christmas Eve and knocked many of its critical IT systems offline.

SEPA said that an initial investigation suggested that a highly organised, international cyber-crime group was behind the attack, intending to disrupt SEPA’s public services and extort public funds.