Eurofins Scientific, another Ransomware victim

The most recent high profile case of a cyber-attack involves Eurofins Scientific, a company that accounts for over half of the UK’s forensic science provision.

The company stated it was the target of a ‘highly sophisticated’ ransomware attack on the 2nd of June and is under criminal investigation. As a result the police have stopped all work with Eurofins. The repercussions of this are huge, as Eurofins normally processes more than 70,000 criminal cases including DNA testing, firearms testing, toxicology analysis and computer forensics for police forces across the UK. Other forensic firms have increased their workload to deal with the backlog of cases but some are still being delayed as police are overwhelmed with cases, and many court hearings have been postponed. To add insult to injury, the Telegraph claimed a few weeks before this attack ‘a House of Lords report warned that the provision of forensic science in England and Wales has reached breaking point, risking crimes going unsolved and miscarriages of justice occurring.’

Ransomware is a type of malicious computer programme which either publishes or bocks access via encryption to a computer system until a sum of money is paid. The National Crime Agency (NCA) is conducting an investigation into the attack supported by the National Cyber Security Centre (NCSC). ‘Our priority is to limit harm to the UK and the Public’ the NCSC announced on June 21st.

It is clear from this attack that simple precautions such as keeping back-ups must take place regularly in data-reliant businesses. With the recent rise of successful ransomware attacks, and the vast amounts of money taken from victim organisations, the rate of these types of malware attacks are only going to increase. Sandip Patel QC of OSP Cyber Academy states that “Ransomware is a global threat, which will only intensify unless organisations purge themselves of a culture of complacency, adopt appropriate cyber hygiene measures and never pay ransomware attackers.” Having a recent back-up to restore data to the format previous to the attack would have saved a lot of time and resources.

Although there is no evidence or confirmation from Eurofins Scientific themselves, the BBC report than Eurofins have in-fact paid a ransom. Hackers are criminals – criminals cannot be trusted to honour an agreement. Approximately 70% of companies who pay a ransom fee do not get their data back. Moreover as Sandip Patel QC argues, money that is paid only fuels further crime operations; “In my view, giving in to the attackers’ demands only rewards them for their malicious deeds and breeds more attacks.”

The Eurofins case is just one of many issues to impact the forensic provision, following alleged drug test manipulation and the collapse of Key Forensic Services.