UK Research and Innovation (UKRI) has revealed that it was attacked by ransomware, during which they were encrypted data while two of them were affected services of. UKRI is a public body of the United Kingdom Government, which invests in science and research. It operates across the country with a budget of over λι 6 billion, funded by the Department of Business, Energy and Industrial Strategy.
Given the resources with which it works, the company is an attractive target for ransomware gangs. In particular, the hackers aim organizations with "big pockets", who are then forced to pay large sums of money to decrypt their data.
UK Research and Innovation reports ransomware attack resulting in encryption data from a third party. However, the agency did not provide further details about the incident security or about who is behind it. This is due to the fact that an investigation is currently underway to investigate the case. The UK Research and Innovation report only the following: "We have reported the incident to the National Crime Service, the National Cyber Security Center and the Office of the Information Commissioner."
The two services affected by the incident are a portal of the UK Bureau of Investigation (UKRO) based in Brussels and offering an information service to subscribers, as well as an extranet used by UKRI boards for peer review activity. Both services have been suspended.
So far, there is no evidence that intruders stole data from UKRI systems. However, the agency notes that the hackers have violated the grant applications and are checking the information from the extranet service.
According to BleepingComputer, the UKRO subscription service has 13.000 users and hackers may have stolen data from it, which may include personal information. If research reveals theft data, UK Research and Innovation will reach out to those affected.
The organization is not able to disclose more information until the assessment of the incident is completed, but is considering the loss of personal, financial or other types of sensitive data.