NCA investigating destructive ransomware attack on Eurofins Scientific
26 June 2019
The National Crime Agency (NCA) has announced that it is leading criminal investigation into the destructive ransomware attack on Eurofins Scientific that affected IT systems in several countries even as the firm is assuring customers that the vast majority of affected laboratories’ operations have been restored.
Brussels-based Eurofins Scientific owns a network of over 800 laboratories across 47 countries and is a world leader in providing testing and support services to the pharmaceutical, food, environmental, agriscience and consumer products industries and to governments. Over the years, the firm has been able to detect various forms of contaminants in processed food and has also thwarted the counterfeiting of food products.
Ransomware attack impacted IT systems in several countries
On June 5th, Eurofins Scientific announced that its IT systems located in several countries were impacted by a massive ransomware attack that forced its IT teams to turn many systems and servers offline to limit the spread of the ransomware infection. The company instantly alerted authorities about the cyber incident and took steps to mitigate its impact.
Earlier this week, the company announced in a fresh press release that the vast majority of affected laboratories’ operations had been restored, that all IT systems were up and running and that only a few back offices and software development systems were undergoing restoration.
“Forensics investigations are ongoing but we have identified the variant of the malware used and it is now being recognised and when detected neutralized by our IT security solutions as updated with the versions released on Sunday June 2nd and thereafter.
“The investigations conducted so far by our internal and external IT forensics experts have not found evidence of any unauthorised theft or transfer of confidential client data. The security of our client data and of all our IT systems is of the utmost importance to Eurofins,” Eurofins said.
“The impact of this attack on our financial results may unfortunately be material especially for Q2 but at this point, it is still too early to evaluate the net potential financial impact of this incident on our operations as well as the proportion of revenue losses that will be mitigated by reimbursement from our insurers.
“It is also too early to evaluate what proportion of the lost work days in the affected companies has already been or can be caught back over the next few days and weeks, including through additional shifts and weekend work,” it added.
Commenting on the ransomware attack that targeted IT systems belonging to Eurofins, Dan Sloshberg, Senior Director Product Marketing at Mimecast said that the attack shows that no business is immune to the disruptive threat of ransomware.
“Although most ransomware cases are financially motivated, in this case there’s a possibility that other factors are in play. There could be intent to wreak havoc by disrupting and tampering with evidence.
“This case should provide a stark reminder that a comprehensive cyber resilience strategy is vital. Businesses need to be proactive rather than reactive in their cybersecurity approach, with technology defences supplemented by all staff being given security awareness training to help prevent ransomware infecting systems.
“What’s more, a data recovery protocol must be established so that everyone understands their role and responsibilities should the worst happen. To support this, there needs to be a way critical data and operations can be recovered quickly and efficiently,” he added.
NCA to investigate ransomware attack on Eurofins
The UK’s National Crime Agency recently announced that it is leading criminal investigations into the ransomware attack on Eurofins that disrupted operations and caused severe downtime at laboratories located in several countries.
“The National Crime Agency is leading the criminal investigation into a recent cyber incident that has affected Eurofins Scientific. Specialist cyber-crime officers from the NCA are working with partners from the National Cyber Security Centre and the National Police Chief’s Council to mitigate the risks and assess the nature of this incident,” said Rob Jones, Director of threat leadership at the NCA.
“We are securing evidence and forensically analysing infected computers, but due to the quantity of data involved and the complexity of these kinds of enquiries, this is an investigation which will take time, therefore we cannot comment further at this time,” he added.