At least two government services have been knocked offline as part of a wider cyber attack against UK Research and Innovation (UKRI), with hackers also encrypting data belonging to the public sector organisation.
The non-departmental research and innovation arm of the government operates across the UK and allocates resources towards science and research projects. Some of its work, for example, involves allocating grants to startups developing emerging technologies, such as artificial intelligence (AI).
The cyber attack that UKRI has sustained has affected a number of its web assets. Some data is encrypted, and the nature of the attack is believed to be ransomware.
Services affected include a portal of the UK Research Office (UKRO), which offers information services to subscribers from its base in Brussels, and the Biotechnology and Biological Sciences Research Council (BBSRC) extranet. The Biotechnology and Biological Sciences Research Council (BBSRC) extranet is a platform for UK councils to engage in peer-review activity. Both services have been temporarily suspended as a precaution while an investigation continues.
UKRI has reported the incident to the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO). No further details were provided in the UKRI statement, such as a timeline of the attack or which group may be responsible.
With some data encrypted, UKRI has assured the individuals affected that they will be contacted as soon as possible. The precise nature of the compromised data is still unknown and subject to the findings of an ongoing investigation, although this could include the loss of personal data, financial data and other sensitive data.
“Theoretically, every time there is a ransomware attack, organisations should learn from other companies’ mistakes,” said ESET security specialist, Jake Moore. “Whether this is preparing to fail - having protection in place for when a successful attack occurs – or by learning how others dealt with the aftermath, there are multiple case studies to heed advice from.
“Suspending services may sound extreme, but organisations are often far better positioned to deal with the consequences of a cyber attack while offline, as they can fully inspect the damage and mitigate further upheaval. With greater risk, if sensitive data is released, it is far safer to suspend services that have been compromised until thorough checks have been made and more robust protection is in place.”
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
