UK Research and Innovation (UKRI) discloses a ransomware attack

The UK Research and Innovation (UKRI) disclosed a ransomware attack that has disrupted services and may have led to data theft. The cyberattack has impacted two of the group's services: a portal used by the Brussels-based UK Research Office (UKRO) and an extranet, known as the BBSRC extranet, which is utilized by UKRI councils.

UKRI, launched in 2018, is a public body supported by the Department for Business, Energy and Industrial Strategy (BEIS). Nine councils come together under the brand to manage research grants and to support innovative businesses and opportunities in the United Kingdom.

UKRI said that the IT incident has resulted in "data being encrypted by a third-party," which implies that ransomware is at fault.

Ransomware is a type of malware that is now often a culprit in attacks against the enterprise. Once ransomware has landed on a compromised system, it will usually encrypt data and files and may also spread throughout a network to take out backups and other resources.

The users will be locked out and ransomware operators will demand a payment in return for a decryption key. This blackmail demand is often required in cryptocurrencies such as Bitcoin (BTC), once data encryption is complete.

UKRI is yet to disclose concrete details concerning the ransomware and is still dealing with disruption to its services.

The UKRO portal is used to provide information to subscribers -- of which there are roughly 13,000 -- and the extranet is the infrastructure used for peer review processing. Both services are currently suspended.

"At this stage, we cannot confirm whether any of that data was extracted from our systems whilst investigations continue," UKRI says. "We take incidents of this nature extremely seriously and apologize to all those affected."

If data has been stolen, this may include grant applications and review information contained in the portals, as well as expense claims. The agency however does not yet know if financial information has been taken.

"We are working to securely reinstate impacted services as well as conducting forensic analysis to ascertain if any data was taken, including the potential loss of personal, financial or other sensitive data," the group says. "If we do identify individuals whose data has been taken we will contact them further as soon as possible."

The ransomware attack has been reported to the UK's National Crime Agency (NCA), the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO).

While the UK is no longer part of the EU, there is little material change as the data protection legislation has been incorporated into UK laws, in what is now known as UK GDPR. Any company found to have breached UK GDPR may be subject to fines by the ICO.