Serco confirms Babuk ransomware attack

Serco run a number of government systems here in the UK. I trust the government is conducting a review of their security posture as I type…:

[…] The Babuk gang claimed the attack on Thursday 25 October, according to information shared with Computer Weekly, but Serco did not publicly acknowledge the incident until Sunday 31 January, when a spokesperson confirmed the attack to Sky News.

Serco’s spokesperson told the news channel that its European systems were isolated from those in the UK and so there had been no impact on any of its UK operations.

In the ransom note, Babuk’s operators claimed to have had access to Serco’s systems for three weeks, and to have already exfiltrated a terabyte of data. The cyber criminals made specific references to Serco partners, including Nato and the Belgian Army, and threatened Serco with consequences under the General Data Protection Regulation (GDPR).

Although the NHS Test and Trace programme was unaffected by the incident, ThreatConnect EMEA vice-president Miles Tappin said the vulnerabilities in Serco’s wider systems were of great concern, and the Babuk attack exposed “inherent weaknesses of the system”.

[…]

Original article