Cyber Incident Victim: UK Research and Innovation

Date: Jan 2021

Location: United Kingdom

Summary

UK Research and Innovation suffered a ransomware attack that encrypted data across multiple web assets, including the UK Research Office portal and the BBSRC extranet used by UK Councils. The organization reported the incident to national authorities and confirmed ongoing investigations to determine whether data was exfiltrated. While the compromised UKRO service impacted 13,000 users, it reportedly did not contain sensitive personal information. Recovery efforts prioritized restoring affected systems and providing alternative support to minimize disruption to peer review processes and portal users.


Description

On January 28, 2021, UK Research and Innovation (UKRI) experienced a cyber attack that encrypted data across multiple web assets. The organization confirmed the incident as a ransomware attack involving unauthorized third-party encryption of its systems. UKRI promptly notified UK authorities, including the National Crime Agency, the National Cyber Security Centre, and the Information Commissioner’s Office. Initial investigations could not determine whether attackers had extracted data prior to encryption. The attack specifically disrupted two critical services: the UK Research Office (UKRO) subscription portal based in Brussels and the Biotechnology and Biological Sciences Research Council (BBSRC) extranet used by UK Councils. UKRI publicly acknowledged the incident on January 29 through an official statement, emphasizing ongoing forensic efforts to assess data compromise while prioritizing service restoration.

The attack caused operational disruptions to the UKRO portal, which served 13,000 users but reportedly stored no sensitive personal data. UKRI implemented temporary mitigation measures, directing users to contact UKRO via email ([email protected]) while restoration work continued. The BBSRC extranet outage risked delays to peer review processes supported by the system. UKRI committed to restoring all affected services urgently and providing alternative support mechanisms to minimize operational impacts. No ransomware group claimed public responsibility during the initial disclosure period. UKRI kept stakeholders regularly updated as recovery progressed, but did not disclose technical specifics of the attack vector, any ransom demands, or the types of data potentially encrypted beyond the confirmed systems.
