UK Forensics Company Lifts Ransomware Attack Lockdown

Eurofins, a UK-based forensics provider, recently announced that its voluntary ‘lockdown’ had been lifted. On the 2nd of June, the company’s servers got encrypted by a “highly sophisticated ransomware.”

Albeit a rumor, it would see that Eurofins had no choice but to pay the ransom in order to regain access to its database. No comments so far on how many endpoints got infected or how many Bitcoins the company had to cough up to retrieve all encrypted data.

On-going criminal investigations came to a standstill following the attack

Really bad news for Eurofins, one of the leading UK private forensics company. Following the 2nd of June malware attack, UK’s chief toxicology and DNA analysis supplier was placed under lockdown.

According to Rob Jones, the head of the National Crime Agency, the cybernetic attack that crippled the company’s server was a highly sophisticated form of ransomware. An early estimate reveals that the four-week standoff resulted in thousands of cases being postponed.

To see just how bad things are, according to NCA’s director, Eurofins handles some 70,000 cases per year; this includes toxicology reports, computer forensics, firearm, and even DNA analyses.

And yes, in case you’ve missed it, this showdown that nearly brought UK’s legal system down on its knees lasted four weeks (no comment on that).

As for the company’s resolve, well, according to inside sources the lockdown has been successfully lifted after Eurofins agreed to pay the ransom demanded by the attackers.

Yes, I am painfully aware of the fact that the first rule of negotiating with cyber-terrorists is that you never, ever negotiate with them. Paying the ransomware just makes a target ripe for picking. And don’t believe for a second that the hackers won’t try again to extort money from you.

Unfortunately, there’s not much to go on concerning the whole Eurofins imbroglio, since the company has outdone itself in keeping a lid on this whole business.

And for a good reason, I might add. According to Jones, in the wake of the ransomware attack, the authorities began withdrawing case requests. Is this the end of the line for Eurofins?

No one can say that for certain, but the authorities are seriously going with someone else until the company manages to patch all the holes in its cybersecurity network.

As for the ransomware that crippled Eurofins, your guess is as good as mine. At the moment, all I can say with the utmost certainty is that the ransomware that forced their hands was pretty good considering that it managed to circumvent detection.

So, any word from the authorities? This is what Rob Jones had to say when asked to comment on the incident:

Specialist cybercrime officers from the NCA are working with partners from the National Cyber Security Centre and the National Police Chiefs’ Council to mitigate the risks and assess the nature of this incident.

We are securing evidence and forensically analyzing infected computers, but due to the quantity of data involved and the complexity of these kinds of inquiries, this is an investigation which will take time; therefore, we cannot comment further.


Since this has been labeled as an ongoing investigation, further details are poised to pop up any time soon. So, if there are any more developments in this case, we’ll keep you updated. What’s your take on Eurofins’ security breach? Head to the comments section and let me know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *