Global Government Outsourcer Serco Hit by Ransomware

A multi-national outsourcing company that runs part of the UK’s COVID-19 Test and Trace system has been hit by ransomware, according to reports.

British services business Serco, which employs 50,000 staff and manages hundreds of contracts worldwide, confirmed to Sky News that it had suffered an attack. However, the firm did not comment on the impact or whether it had paid the ransom demand.

It did claim, however, that only its mainland European operations were impacted, meaning NHS Test and Trace was unaffected.

The news site caught wind of the incident after spotting a sample of the Babuk ransomware uploaded to VirusTotal. Apparently included was the ransom note addressed to Serco, in which the attackers claimed: “We’ve been surfing inside your network for about three weeks and copied more than 1TB of your data.”

The note reportedly hinted that Serco partners such as NATO and the Belgian army may have had documents exposed in the attack. However, there’s no evidence of any stolen information being published online as yet.

There’s relatively little information on new variant Babuk, although ransom fees are said not to have exceeded $85,000 in attacks to date. Its leak site claims the group doesn’t target hospitals, schools or companies with less than $4m in annual revenue, according to security vendor Cyberint.

Serco’s revenue of over £3 bn in 2019 would have made the company an attractive target for ransomware.

The NHS Test and Trace program has been frequently criticized for slow test results and ineffective contact tracing. The government’s decision to centralize the process and bring the private sector in to run it rather than draw on the experience of local health authorities, also exasperated many experts.

However, health secretary Matt Hancock tweeted last week that over 90% of test results are being returned the next day and the same number of contacts are being reached and told to self-isolate.

What’s Hot on Infosecurity Magazine?