UK Research and Innovation (UKRI) has been hit by a ransomware attack that impacted two of its services, BleepingComputer reports. The UK government department said it’s still unsure if data were exfiltrated during the attack.

“The two services impacted are a portal for our UK Research Office (UKRO) based in Brussels and an extranet (often known as the BBSRC extranet) used by our Councils,” UKRI stated. “The UKRO portal provides an information service to subscribers. The extranet is used to support the peer review process for various parts of UKRI. To support the investigation and protect users, we have suspended these services. No other UKRI systems are impacted and the important work of UKRI is continuing. UKRI councils and a number of cross-cutting schemes use the impacted extranet for some of their peer review activity; as a result the data that has been compromised includes grant applications and review information.”

UKRI added that it’s working to discover if financial information was taken, and it will notify potential victims if this is confirmed.

“In some instances, for a limited number of UKRI review panel members, the extranet service is used to support the processing of expense claims,” the department said. “We do not yet know whether any financial details have been taken, but we will endeavour to contact panel members to advise on personal protection against possible fraud in this situation. If we do identify individuals whose data has been taken we will contact them further as soon as possible. The UKRO subscription service has 13,000 users but does not contain sensitive personal data. We are working to recover this service as soon as possible.”

BleepingComputer notes that UKRI has a budget of more than £6 billion, and as a result “the agency is an attractive target for big-game ransomware gangs that target organizations with large pockets to pay for data decryption.”

Ransomware gangs are opportunistic and indiscriminate in their targeting, and they adjust their ransom demands based on the nature of their victim. Organizations of all sizes can benefit from new-school security awareness training to help their employees identify phishing emails and other forms of social engineering attacks.