Eurofins Scientific, an international group of laboratories headquartered in Brussels, revealed that a ransomware attack disrupted some of its IT systems.
On 3 June, the food, pharmaceutical and environmental laboratory testing provider revealed that its IT security monitoring teams had discovered a ransomware attack over the weekend that had affected several of its IT systems.
IT teams responded in accordance to the group’s incident response policies by taking some servers and systems offline to contain the spread of “this new version of malware.” As of this writing, however, it’s unclear to what family of ransomware this particular strain belongs or how it distinguishes itself as a new variant.
Eurofins Scientific said these mitigation efforts are ongoing as IT teams work to restore IT operations for member laboratories. As quoted in its statement:
Eurofins IT teams are working hard to quickly resolve the situation and to resume the high level of service expected from all Eurofins companies. This includes installing additional protections against this new variant of malware which were received over the weekend and restoring affected systems from backups after appropriate security verifications.
The company continued by apologizing for the potential disruption or delays which affected laboratories might be suffering as a result of the ransomware infection. For the sake of transparency, it said that each group company concerned would be contacting customers with further information about the the attack.
This isn’t the first time a laboratory collective has suffered a ransomware attack. In July 2018, for instance, the Wall Street Journal reported that Laboratory Corporation of America Holdings, more commonly known as LabCorp, had suffered an infection at the hands of SamSam.
Both of these attacks highlight how all organizations, including research institutions, need to protect themselves against ransomware. They can do so by backing up their critical data on a regular basis and taking additional steps to prevent a crypto-malware infection. This resource is a good place to start towards that end.