[BreachExchange] Hacked forensic firm pays ransom after malware attack

Destry Winant destry at riskbasedsecurity.com
Mon Jul 8 09:58:54 EDT 2019


https://www.theguardian.com/science/2019/jul/05/eurofins-ransomware-attack-hacked-forensic-provider-pays-ransom

Britain’s largest private forensics provider has paid a ransom to
hackers after its IT systems were brought to a standstill by a
cyber-attack, it has been reported.

Eurofins, which is thought to carry out about half of all private
forensic analysis, was targeted in a ransomware attack on 2 June,
which the company described at the time as “highly sophisticated”.
Three weeks later the company said its operations were “returning to
normal”, but did not disclose whether or not a ransom had been paid.

The BBC has reported that the company paid the hackers to regain
control of its systems, although it said it had not been told how much
money was paid or when any payment was made.

Ransomware is a type of computer program that infiltrates an IT system
and threatens to publish the victim’s data or block their access to it
by encrypting files until a sum of money is paid.

Since the attack, police have halted all work with Eurofins, which
normally processes more than 70,000 criminal cases each year in the
UK, including DNA analysis, toxicology, firearms analysis and computer
forensics.

The National Police Chiefs’ Council launched an emergency response to
the cyber-attack to prioritise the flow of forensic submissions so
that the most serious crimes could continue to be investigated
rapidly. However, cases are being delayed as police struggle to
allocate the growing backlog of case work.

Other forensics firms doing case reviews on behalf of defence
teams have been told they cannot access files held by Eurofins,
meaning prosecutions that are already under way are also being
affected and some court hearings have already been postponed.

Eurofins has not responded to questions from the Guardian about
whether a ransom had been paid. In its last update on 24 June, the
company said it had “identified the variant of the malware used” in
the attack and had strengthened cybersecurity. It said at that point
that its investigations had not found evidence of any unauthorised
theft or transfer of confidential client data.

The National Crime Agency, which is leading the criminal investigation
into the cyber-attack, said whether to pay the ransom was a matter
for the victim.

Rob Jones, the director of threat leadership at the NCA, said: “We are
securing evidence and forensically analysing infected computers, but
due to the quantity of data involved and the complexity of these kinds
of inquiries, this is an investigation which will take time, therefore
we cannot comment further at this time.”

The Eurofins case is the latest major problem to hit forensic
provision, following the collapse of Key Forensic Services and alleged
drug test manipulation at Randox Testing Services laboratory in
Manchester.

