UK Research and Innovation (UKRI), the a non-departmental public body responsible for allocating research and innovation funding, has been hit by a ransomware attack.
In a statement published last week, the organisation said that an IT incident, which is being treated as a cyberattack, has “impacted a number of UKRI-related web assets”, leaving data encrypted by a third party.
Two services impacted by the attack are a portal for the UK Research Office, and an extranet used by UKRI councils. Both services have been suspended during the investigation and UKRI is working to restore them as soon as possible. No other UKRI systems are thought to be impacted.
UKRI said it could not yet confirm whether any data had been extracted during the attack. It has reported the incident to the National Crime Agency, the National Cyber Security Centre and the Information Commissioner’s Office and is carrying out forensic analysis to determine whether any data was taken.
Jake Moore, cybersecurity specialist at ESET said that suspending services is often the best way to begin dealing with a ransomware attack:
“Theoretically, every time there is a ransomware attack, organisations should learn from other companies’ mistakes. Whether this is preparing to fail – having protection in place for when a successful attack occurs – or by learning how others dealt with the aftermath, there are multiple case studies to heed advice from.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
“Suspending services may sound extreme, but organisations are often far better positioned to deal with the consequences of a cyber attack while offline, as they can fully inspect the damage and mitigate further upheaval. With greater risk if sensitive data is released, it is far safer to suspend services that have been compromised until thorough checks have been made and more robust protection is in place.”