The UK’s largest police forensic contractor, Eurofins Scientific, has admitted to paying hackers to release their encrypted data after falling foul of a cyber-attack recently.

Hackers broke into Eurofins computer systems to install software on their networks known as ‘Ransomware’. Ransomware encrypts the contents of computer hard drives making it almost impossible to retrieve unless you know the encryption password which the hackers will sell you for a fee.  The amount paid in this case was not disclosed.

Eurofins own statement https://www.eurofins.com/media-centre/press-releases/2019-06-03-8/ describes how their security procedures were enacted upon discovering the malware variant to limit the impact but it did manage to get past their protection systems and encrypt valuable company information.  It goes on to say how new protections are to be added to protect against this “new variant of malware”.

Protecting against this type of attack can only be done ahead of time, encrypted data must either by bought back from the hackers or written off, which may be in breach of GDPR regulations depending on its contents.

An offsite, cloud backup system and more robust network security would have protected Eurofins from this ransomware attack if it was implemented proactively.  Steve Vickerman, MD of Netpoint Solutions Ltd and IT security specialist, was quoted as saying: “All companies should take heed of Eurofins misfortune and ensure their own protection systems are in order.”