February 1, 2021

UK Research and Innovation hit by ransomware attack

By Ellen Daniel

UK Research and Innovation (UKRI), the a non-departmental public body responsible for allocating research and innovation funding, has been hit by a ransomware attack.

In a statement published last week, the organisation said that an IT incident, which is being treated as a cyberattack, has “impacted a number of UKRI-related web assets”, leaving data encrypted by a third party.

Two services impacted by the attack are a portal for the UK Research Office, and an extranet used by UKRI councils. Both services have been suspended during the investigation and UKRI is working to restore them as soon as possible. No other UKRI systems are thought to be impacted.

UKRI said it could not yet confirm whether any data had been extracted during the attack. It has reported the incident to the National Crime Agency, the National Cyber Security Centre and the Information Commissioner’s Office and is carrying out forensic analysis to determine whether any data was taken.

Jake Moore, cybersecurity specialist at ESET said that suspending services is often the best way to begin dealing with a ransomware attack:

“Theoretically, every time there is a ransomware attack, organisations should learn from other companies’ mistakes. Whether this is preparing to fail – having protection in place for when a successful attack occurs – or by learning how others dealt with the aftermath, there are multiple case studies to heed advice from.

“Suspending services may sound extreme, but organisations are often far better positioned to deal with the consequences of a cyber attack while offline, as they can fully inspect the damage and mitigate further upheaval. With greater risk if sensitive data is released, it is far safer to suspend services that have been compromised until thorough checks have been made and more robust protection is in place.”

Read More: Hackers publish thousands of Scottish Environment Protection Agency files online.


Verdict deals analysis methodology

This analysis considers only announced and completed cross border deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,