On June 2, Eurofins, the UK’s largest forensics analysis firm was the victim of what the company described as a “highly sophisticated” ransomware attack.
The hackers involved demanded a substantial fee from the firm, which is estimated to carryout nearly half of all forensic work in the UK, to return control of its IT systems.
Three weeks after the attack the company reported that its operations had “returned to normal,” but did not say whether or not the ransom had been paid. According to a report by the BBC, Eurofins paid the ransom, however, it did not say when or how much was handed over.
- British Airways Facing £183M Fine Over Hack
- NHS ‘Urgently’ Needs to Invest in Cyber Resilience Measures
- TikTok Under the Spotlight in ICO Investigation
Ransomware is a type of malware from cryptovirology that can be deployed to infiltrate a target’s IT systems. Typically the hacker then threatens to publish the victim’s data or indefinitely block access to the infected system unless a ransom is paid.
Since the attack, Police have ceased all work with the firm, which normally processes upwards of 70,000 criminal cases each year in the UK, including DNA analysis, toxicology, firearms analysis and computer forensics.
As a result of the cessation, the National Police Chiefs’ Council has launched an emergency response to the cyber attack to ensure continuity in the flow and processing of forensic submissions.
This measure was taken to ensure that high priority crimes could continue to be investigated rapidly. However, there are still delays as police struggle to allocate the growing backlog of case work.
Prosecutions already underway and court hearings are also being delayed or even postponed in the wake of the attack, as forensic firms working on behalf of defence teams are being denied access to files held by Eurofins at this time. Eurofins has yet to respond to the BBC‘s assertion or questions from the Guardian as to whether or not the ransom was paid.
In a statement on June 24, the company’s last update on the situation, the firm said it had “identified the variant of the malware used” in the attack and had taken measures to strengthen its cybersecurity. It has also said that at present its investigation had not found evidence of any unauthorised theft or transfer of confidential client data.
Rob Jones, the director of threat leadership at the National Crime Agency, which is leading the criminal investigation into the attack, said: “We are securing evidence and forensically analysing infected computers, but due to the quantity of data involved and the complexity of these kinds of inquiries, this is an investigation which will take time, therefore we cannot comment further at this time.”