UK’s largest police forensics lab paid ransom demand to recover locked data
Eurofins Scientific, the UK’s largest police forensics lab contractor, admitted today to paying a ransom to cyber-criminals to regain access to files that had been encrypted by ransomware.
The size of the payment has not been disclosed, but the payment appears to have been made last month, according to BBC sources.
The ransomware infection took place last month, on June 2. The Brussels-based company admitted to the incident in a press release published the next day, calling the ransomware a “new version of malware.”
In a June 10 press release, the company said the ransomware “caused [a] disruption to many of its IT systems in several countries.”
It also added that “internal and external IT forensics experts have not found evidence of any unauthorised theft or transfer of confidential client data.”
In a third press release published on June 24, Eurofins said it began recovering from the incident, but did not specify if it restored from backups or paid the ransom at the time. In light of today’s revelation, it is now believed that the company had paid the ransom by this point, and was restoring systems with the decryption key it received from the hackers.
UK police suspended its relationship with the company shortly after it disclosed the incident. The UK National Crime Agency said it was helping with the investigation and tracking down the hackers.
It is still uncertain if any of the forensic work on blood and DNA tests being done at the Eurofins laboratories would be admissible in court following the incident.
The Brussels-based company manages more than 800 laboratories all over the world, where it provides more than 200,000 analytical tests for the food, pharmaceutical, environment protection, and law enforcement fields.
One of the UK’s ambulance service providers also hit
Elsewhere in Britain, the St. John Ambulance service, one of the country’s biggest private ambulance providers, also suffered a ransomware incident this week, on July 2, according to a statement from the company.
The ransomware did not impact ambulance operations, but it did impact back office work, encrypting the data of customers who booked training courses with the service.
In addition to Eurofins, another major ransomware victim paid a ransom demand this week.
In late June, ZDNet reported on a group of hackers who breached three managed service providers (MSPs) and encrypted customers’ workstations. According to a report from MSSP Alert, one of the three MSPs paid hackers to regain access to customer files, dishing out more than $150,000.