UK Research and Innovation suffers ransomware attack

The agency has suspended some services while an investigation takes place.

UK Research and Innovation (UKRI) has disclosed a ransomware attack that has disrupted services and may have led to data theft. 

The cyberattack, made public last week, has impacted two of the group's services: a portal used by the Brussels-based UK Research Office (UKRO) and an extranet, known as the BBSRC extranet, which is utilized by UKRI councils. 

Launched in 2018, UKRI is a public body supported by the Department for Business, Energy and Industrial Strategy (BEIS). Nine councils come together under the brand to manage research grants and to support innovative businesses and opportunities in the United Kingdom.

UKRI said that the IT incident has resulted in "data being encrypted by a third-party," which implies that ransomware at fault. 

Ransomware is a type of malware that is now often a culprit in attacks against the enterprise. Once ransomware has landed on a compromised system, it will usually encrypt data and files and may also spread throughout a network to take out backups and other resources. 

When data encryption is complete, users are locked out and ransomware operators will demand a payment in return for a decryption key. This blackmail demand is often required in cryptocurrencies such as Bitcoin (BTC). 

UKRI is yet to disclose concrete details concerning the ransomware and is still dealing with disruption to its services. 

The UKRO portal is used to provide information to subscribers -- of which there are roughly 13,000 -- and the extranet is the infrastructure used for peer review processing. Both services are currently suspended.

"At this stage, we cannot confirm whether any of that data was extracted from our systems whilst investigations continue," UKRI says. "We take incidents of this nature extremely seriously and apologize to all those affected."

If data has been stolen, this may include grant applications and review information contained in the portals, as well as expense claims. However, the agency does not yet know if financial information has been taken. 

"We are working to securely reinstate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial or other sensitive data," the group says. "If we do identify individuals whose data has been taken we will contact them further as soon as possible."

The ransomware attack has been reported to the UK's National Crime Agency (NCA), the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO). 

According to DLA Piper, £142.7 million ($193.4 million) in fines have been issued over the past year for breaches of the EU's General Data Protection Regulation (GDPR), close to a 40% increase in comparison to the previous 20 months. 

While the UK is no longer part of the EU, there is little material change as the data protection legislation has been incorporated into UK laws, in what is now known as UK GDPR. Any company found to have breached UK GDPR may be subject to fines by the ICO. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0