A small number of services at the UK government body UK Research and Innovation (UKRI) are offline and unavailable as it investigates a ransomware attack on its systems on 28 January 2021. The non-departmental, Department for Business, Energy and Industrial Strategy-backed organization – which bears responsibility for supporting research and knowledge-sharing at higher education institutions, as well as the Innovate UK innovation agency – said the cyber attack had resulted in the encryption of data by a third party and was impacting a number of its web assets.
As a result, it has been forced to take offline the portal for its Brussels-based UK Research Office (UKRO), which provides an information service to about 13,000 subscribers. Still, it contains no sensitive personal data and an extranet used by its various councils to support the peer review process at multiple parts of UKRI.
Some of the compromised data in this instance are understood to include grant applications and review information, as well as expense claims. All other systems are functioning normally.
“At this stage, we cannot confirm whether any of that data was extracted from our systems while investigations continue,” said UKRI in a statement. “We take incidents of this nature extremely seriously and apologize to all those affected.
“We are working to securely reinstate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial, or other sensitive data.