At least two government services have been knocked offline as part of a wider cyber attack against UK Research and Innovation (UKRI), with hackers also encrypting data belonging to the public sector organisation.
The non-departmental research and innovation arm of the government operates across the UK and allocates resources towards science and research projects. Some of its work, for example, involves allocating grants to startups developing emerging technologies, such as artificial intelligence (AI).
The cyber attack that UKRI has sustained has affected a number of its web assets. Some data is encrypted, and the nature of the attack is believed to be ransomware.
Services affected include a portal of the UK Research Office (UKRO), which offers information services to subscribers from its base in Brussels, and the Biotechnology and Biological Sciences Research Council (BBSRC) extranet. The Biotechnology and Biological Sciences Research Council (BBSRC) extranet is a platform for UK councils to engage in peer-review activity. Both services have been temporarily suspended as a precaution while an investigation continues.
UKRI has reported the incident to the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO). No further details were provided in the UKRI statement, such as a timeline of the attack or which group may be responsible.
With some data encrypted, UKRI has assured the individuals affected that they will be contacted as soon as possible. The precise nature of the compromised data is still unknown and subject to the findings of an ongoing investigation, although this could include the loss of personal data, financial data and other sensitive data.
“Theoretically, every time there is a ransomware attack, organisations should learn from other companies’ mistakes,” said ESET security specialist, Jake Moore. “Whether this is preparing to fail - having protection in place for when a successful attack occurs – or by learning how others dealt with the aftermath, there are multiple case studies to heed advice from.
“Suspending services may sound extreme, but organisations are often far better positioned to deal with the consequences of a cyber attack while offline, as they can fully inspect the damage and mitigate further upheaval. With greater risk, if sensitive data is released, it is far safer to suspend services that have been compromised until thorough checks have been made and more robust protection is in place.”
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
-
Warning issued over prolific 'Ghost' ransomware groupNews The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
