Spanish research agency still recovering after ransomware attack

The Spanish National Research Council (CSIC) last month was hit by a ransomware attack that is now attributed to Russian hackers.

CSIC is a state agency for scientific research and technological development part of the Spanish Ministry of Science and Innovation but with a special status in that it has “its own assets and treasury, functional and managerial autonomy.”

Most centers still disconnected

In a statement on Tuesday, the agency said that the ransomware attack occurred on the weekend of July 16-17 and it was detected on Monday, July 18.

Immediately after identifying the intrusion, the protocol from the Cybersecurity Operations Center (COCS) and the National Cryptologic Center (CCN) was activated.

The agency notes that it followed the protocol and isolated from the network several of its research centers in an effort to control the attack and prevent it from spreading to segments that had not been impacted directly.

At the moment most of the agency’s centers are still disconnected and unavailable as just a little over 25% of them are online.

“To date, just over a quarter of the CSIC centers already have a connection to the network and in the next few days it will be restored throughout the network of centers”

CSIC does not say if any of its systems were encrypted. The investigation into the incident is ongoing but the team in charge found no indication that the attacker stole sensitive or confidential information.

The experts pointed out that the cyberattack originated from a Russian threat actor. While not entirely clear, the agency appears to indicate that the attack was the work of a cybercriminal gang.

This attack is similar to that suffered by other research centers such as the Max Planck Institute or the United States National Aeronautics and Space Administration (NASA)

The Max Planck Society is a non-profit association of German research institutes and among the most prestigious in the world, with dozens of its scientists being Nobel Laureates.

In July, the organization disclosed that systems of its Institute for Plasma Physics were infected with Emotet malware.

In 2020, the DoppelPaymer ransomware gang claimed to have breached DMI, a provider of IT services and an IT contractor for NASA.