UK Research and Innovation (UKRI) is dealing with a ransomware incident that encrypted data and impacted two of its services: one offering information to subscribers, the other a platform for peer review used by various parts of the agency.
UKRI is a public body of the Government of the United Kingdom, tasked with investing in science and research. It operates across the country with a budget of more than £6 billion, funded by the Department for Business, Energy and Industrial Strategy.
Given the funds it works with, the agency is an attractive target for big-game ransomware gangs, which go after organizations with deep pockets to pay for data decryption.
Some data compromised
An announcement from UKRI this week discloses a cyberattack that resulted in “data being encrypted by a third party.”
The disclosure is short on details about the attack or who was behind it, as an investigation is underway. “We have reported the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office,” UKRI says.
The two services affected by the incident are a portal for the UK Research Office (UKRO) based in Brussels that offers an information service to subscribers and an extranet that UKRI councils use for their peer review activity. Both services have been suspended.
At this point in the investigation, there is no evidence that the attackers stole any data from UKRI’s systems, but the agency notes that the hackers have compromised grant applications and review information from the extranet service.
“We do not yet know whether any financial details have been taken, but we will endeavor to contact panel members to advise on personal protection against possible fraud in this situation” – UK Research and Innovation
Furthermore, the UKRO subscription service has 13,000 users and the hackers may have taken data belonging to them – non-sensitive, personal information. Should the investigation reveal a data theft, UKRI will contact affected individuals.
The agency cannot confirm this as a fact until the assessment of the incident is complete, but it is considering the possibility that personal, financial, or other types of sensitive data were lost to the attackers.