[BreachExchange] Global Government Outsourcer Serco Hit by Ransomware
Destry Winant
destry at riskbasedsecurity.com
Wed Feb 3 10:50:29 EST 2021
https://www.infosecurity-magazine.com/news/global-government-outsourcer-serco/

A multi-national outsourcing company that runs part of the UK’s
COVID-19 Test and Trace system has been hit by ransomware, according
to reports.

British services business Serco, which employs 50,000 staff and
manages hundreds of contracts worldwide, confirmed to Sky News that it
had suffered an attack. However, the firm did not comment on the
impact or whether it had paid the ransom demand.

It did claim, however, that only its mainland European operations were
impacted, meaning NHS Test and Trace was unaffected.

The news site caught wind of the incident after spotting a sample of
the Babuk ransomware uploaded to VirusTotal. Apparently included was
the ransom note addressed to Serco, in which the attackers claimed:
“We’ve been surfing inside your network for about three weeks and
copied more than 1TB of your data.”

The note reportedly hinted that Serco partners such as NATO and the
Belgian army may have had documents exposed in the attack. However,
there’s no evidence of any stolen information being published online
as yet.

There’s relatively little information on new variant Babuk, although
ransom fees are said not to have exceeded $85,000 in attacks to date.
Its leak site claims the group doesn’t target hospitals, schools or
companies with less than $4m in annual revenue, according to security
vendor Cyberint.

Serco’s revenue of over £ bn in 2019 would have made the company an
attractive target for ransomware.

The NHS Test and Trace program has been frequently criticized for slow
test results and ineffective contact tracing. The government’s
decision to centralize the process and bring the private sector in to
run it, rather than draw on the experience of local health authorities,
also exasperated many experts.

However, health secretary Matt Hancock tweeted last week that over 90%
of test results are being returned the next day and the same number of
contacts are being reached and told to self-isolate.