A small number of services at UK government body UK Research and Innovation (UKRI) are offline and unavailable as it investigates a ransomware attack on its systems that took place on 28 January 2021.
The non-departmental, Department for Business, Energy and Industrial Strategy-backed organisation – which bears responsibility for supporting research and knowledge-sharing at higher education institutions, as well as the Innovate UK innovation agency – said the cyber attack had resulted in the encryption of data by a third party, and was impacting a number of its web assets.
As a result, it has been forced to take offline the portal for its Brussels-based UK Research Office (UKRO), which provides an information service to about 13,000 subscribers, but contains no sensitive personal data, and an extranet used by its various councils to support the peer review process at various parts of UKRI.
Some of the compromised data in this instance is understood to include grant applications and review information, as well as expense claims. All other systems are functioning normally.
“At this stage, we cannot confirm whether any of that data was extracted from our systems while investigations continue,” said UKRI in a statement. “We take incidents of this nature extremely seriously and apologise to all those affected.
“We are working to securely reinstate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial or other sensitive data.
“We are working to restore all affected services as soon as possible and provide alternative support to minimise any disruption to the peer review process and users of the UKRO portal. We will provide further updates in due course.”
UKRI has reported the incident to the National Crime Agency, the National Cyber Security Centre and the Information Commissioner’s Office.
At this stage of the investigation, there is no clear indication of which strain of ransomware is involved in the UKRI incident, or the nature of any extortion demands received by the organisation.
Niamh Muldoon, global data protection officer at OneLogin, commented: “Ransomware will remain a global cyber security threat during 2021 and the associated risk of this threat materialising will be more prevalent for certain industries and, in particular, government bodies.
“Cyber crime is a business, so all should think of it the same way. Out of all the various types of cyber crime activities, ransomware is the one activity that has a high direct return on investment associated with it, by holding the victims to ransom for financial payment. Taking the global economic environment and current market conditions into consideration, cyber criminals will, of course, continue to focus their efforts on this revenue-generating stream.”
Muldoon said it was likely that cyber criminal groups – even individuals – would increasingly club together to try to maximise the return on investment from their attacks, targeting high net worth individuals and large enterprises.
“The key message here is that no one person or industry is exempt from the ransomware threat and it requires constant focus, assessment and review to ensure you and your critical information assets remain safeguarded and protected against it,” she said.