The UK Research and Innovation (UKRI) agency suffered a ransomware attack. At present, it’s unclear whether the attack has also resulted in a data breach.
UKRI Ransomware Attack
Reportedly, UK’s public agency managing science and research works UK Research and Innovation has suffered a cyber attack. The agency disclosed via a security statement, UKRI has suffered a ransomware attack.
The incident specifically affected two UKRI services. These include a portal for UK Research Office (UKRO) serving subscribers with information service and the BBSRC extranet that UKRI Council uses for supporting the peer review process.
Following the incident, UKRI suspended both the services whilst continuing its routine operations.
While UKRI investigates the matter, they presently haven’t confirmed whether the attackers also had stolen any data before encryption.
We are working to securely re-instate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial or other sensitive data.
Nonetheless, they assure that the UKRO subscription service having around 13,000 users stores no sensitive data about the users.
However, the breach of the extranet hints at a potential impact on the data regarding peer review and grant applications.
What Next?
UKRI has admitted that a “third-party” encrypted their data about which, they have informed the law enforcement.
As stated in their notice,
We have reported the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office.
We take incidents of this nature extremely seriously and apologise to all those affected.
It’s presently unclear about what demands have been put forward by the attackers, who they are, and whether or not UKRI will pay the ransom to the attackers.