Ransomware attack on Serco and UK Research and Innovation

428

Ransomware news is out that UK Research and Innovation (UKRI) was hit by a file encrypting malware attack leading to severe disruption and data theft last week. Highly placed sources say that two of the organizations service groups- UK Research Office (UKRO) and BBSRC extranet were hit in the malware attack, causing concerns to the UKRI council members.

Operational wise UKRI was founded in 2018 and is a supportive body serving Department of Business, Energy, and Industrial Strategy (BEIS). The council group comprises 9 councils that help businesses meet innovation through detailed research.


Britain’s National Crime Agency along with the NCSC and Information Commissioners’ Office are busy probing down the incident. Unfortunately, if data leak has been detected, then UKRI might face a harsh penalty from EU’s GDPR as it has failed to protect the data of its users from hackers.

Meanwhile, another company dubbed Serco that is based in England and is into outsourcing of services was also hit by a ransomware attack in the last weekend. While a certain section of media disclosed that the information related to UK’s covid tests and trace systems was leaked in the attack, the company has readily denied it.

Cybersecurity Insiders has learnt that Serco’s European operations were deeply impacted in the malware attack that was targeted by Babuk Ransomware uploaded to VirusTotal software tool. Around 1TB of data related to NATO and Belgian army was reportedly stolen by the threat actors who have threatened the firm to leak the details online if the company denied paying a ransom of $85,000 in Bitcoins.