UK Police Investigations Still Affected by Ransomware AttackAttack Against Forensics Lab Created Backlog of 20,000 Tests for Criminal Cases
The June ransomware attack against one of the largest forensic labs in the U.K. continues to delay police investigations in Britain while authorities await test results.
See Also: Ransomware Recovery in the 'New Normal'
At one point, authorities were confronted with a backlog of 20,000 forensic samples - including DNA and blood-samples - that were awaiting analysis for criminal cases, according to a report by the BBC.
Earlier this year, the systems of Eurofins Scientific were crippled in a ransomware attack, resulting in the lab paying a hefty ransom to retrieve its files (see: Report: UK's Largest Forensics Firm Pays Ransom to Attacker ).
Luxembourg-based Eurofins provides DNA testing, toxicology analysis, testing of firearms and other services to British police agencies as well as their counterparts in Europe, according to the company's website.
The computer files and systems targeted in the ransomware attack included sensitive information on DNA and blood samples, which were required for urgent court hearings and police investigations. This delayed these crucial processes for several weeks, according to a Friday statement from the U.K.'s National Policing Chief's Council.
In the wake of the June attack, the chief's council, which represents police chiefs throughout the U.K., suspended its ties with the lab and diverted its high-profile samples to other private labs in the country, according to the BBC.
The council, however, recently reversed course and is working with Eurofins again to clear cases, according to its statement. As of Friday, the backlog had been reduced from 20,000 cases down to 15,000 cases, according to Eurofins.
"This will regrettably mean some delays to both investigations and court cases, but I want to assure the public we will continue to work diligently to mitigate the impact upon the criminal justice system and try to ensure that samples can be processed as quickly as the system allows," says Assistant Chief Constable Paul Gibson, who oversees forensics for the chiefs' association.
The attack against Eurofins started in the first week of June, when an undisclosed strain of ransomware crippled its IT infrastructure not only in the U.K. but across several other countries as well.
"Forensics investigations are ongoing, but we have identified the variant of the malware used, and it is now being recognized and when detected neutralized by our IT security solutions," according to a statement from the company in June.
Although Eurofins reported no data theft or credential stealing, the company paid a ransom to the attacker to retrieve access to its data, according to published reports. The company has not commented on the extent of the attack or the size of the ransom.
The incident remains under investigation by the the U.K.'s National Crime Agency.
Over the last several months, ransomware attacks have grown more lucrative.
In the second quarter of this year, the average ransom payment increased to $36,295, compared to $12,762 in the first quarter, according to Coveware (see: Ransomware: As GandCrab Retires, Sodinokibi Rises).
Ransomware attacks have a ripple effect across many types of organizations, notes Chris Morales, the head of security analytics at Vectra.
"If you think about the impact of disruption by targeting the supply chain, then it makes perfect sense to target associated organizations. The goal is to cause enough pain to make an organization want to pay," Morales tell Information Security Media Group.
Attacks Against Governments
Earlier this week, Texas officials warned that more than 20 local government entities have fallen victim to a coordinated ransomware attack (see: Texas Pummeled by Coordinated Ransomware Attack ). Officials have yet to release details about the attacks.
Earlier, a number of other U.S. cities, including Baltimore and Riviera Beach, Florida were targeted by ransomware attacks (see: Florida City Paying $600,000 to End Ransomware Attack ).
Managing Editor Scott Ferguson contributed this report.