Cyberattack on Serco: NHS Test & Trace Contractor

Nov 27, 2022

According to reports, a multi-national outsourcing firm that operates part of the UK’s COVID-19 Test and Trace framework has been struck by ransomware.

Serco, headquartered in Hampshire, oversees over 500 contracts worldwide, working in sectors such as health, transportation, justice, immigration, security, and services for residents.

Serco, a British services corporation employing 50,000 people and overseeing hundreds of contracts around the world, reported to Sky News that it had suffered an attack. The company did not, however, comment on the effect or whether it had paid the ransom demand.

According to the report, the Babuk gang claimed the attack on Thursday 25 October, but Serco did not publicly acknowledge the incident until Sunday, January 31, when a spokesperson confirmed the attack.

A spokesperson for Serco said:

A cyberattack has been carried out on Serco’s mainland European sector. Our continental European business, which accounts for less than 3 percent of our overall business, was isolated from the attack. It has not influenced our UK company or the services we provide for our UK clients.

The publication also found that the cybercriminals used the Babuk ransomware in the attack. Babuk has only gained popularity in the last few months, and little information about it is available.

According to an NHS Digital advisory released last month, when the Babuk Loader is deployed, it seeks to “terminate various expert security, and restoration services as well as database, browser, and email programs”.

“It then encrypts all non-technical documents working with a ChaCha8 implementation on regional and network drives, the keys for which are then encrypted using a customized elliptical curve Diffie-Hellman implementation that is believed to depend on a number of components released by the US National Institute of Benchmarks and Technology”.
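The behaviour the advisory describes before encryption, stopping security, restoration, database and email services in quick succession, is something defenders can alert on. The following is an added example, not part of the advisory or the original article: it scans constructed service-state events and flags hosts where several watched services stop within a short window. The log format, keyword list, window and threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed keywords for the service categories the advisory names (security,
# backup/restoration, database, email); replace with your estate's service names.
WATCHED = ("backup", "vss", "sql", "defend", "antivirus", "exchange", "mail")
WINDOW = timedelta(minutes=2)   # assumed sliding window
THRESHOLD = 4                   # assumed count of distinct watched services

# Constructed sample events in an assumed "timestamp host service state" format.
SAMPLE_LOG = """\
2024-01-01T02:14:01 fs01 SQLWriter stopped
2024-01-01T02:14:03 fs01 VSS stopped
2024-01-01T02:14:04 fs01 BackupAgent stopped
2024-01-01T02:14:09 fs01 WinDefend stopped
2024-01-01T02:14:10 fs01 Spooler stopped
2024-01-01T02:15:00 fs01 SQLWriter running
2024-01-01T09:00:00 ws07 SQLWriter stopped
2024-01-01T11:30:00 ws07 VSS stopped
"""

def parse(log):
    """Yield (timestamp, host, service, state) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, host, service, state = parts
            yield datetime.fromisoformat(ts), host, service, state

def burst_alerts(log, window=WINDOW, threshold=THRESHOLD):
    """Map host -> watched services that stopped together inside one window."""
    stops = defaultdict(list)
    for ts, host, service, state in parse(log):
        if state == "stopped" and any(k in service.lower() for k in WATCHED):
            stops[host].append((ts, service))
    alerts = {}
    for host, events in stops.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {svc for _, svc in events[start:end + 1]}
            if len(names) >= threshold:
                alerts[host] = sorted(names)
                break
    return alerts

if __name__ == "__main__":
    print(burst_alerts(SAMPLE_LOG))
```

In the sample, only fs01 is flagged: four watched services stop within nine seconds, while the two stops on ws07 are hours apart.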

According to the ransom note addressed to Serco, the cybercriminals had been “surfing within [Serco’s] network for about three weeks and copying much more than 1 TB of your data”.

Cybersecurity Insiders has found that the Babuk ransomware attack, a sample of which was submitted to the VirusTotal software tool, has had a profound effect on Serco’s European operations. The threat actors, who threatened to leak the information online if the company declined to pay a ransom of $85,000 in Bitcoin, allegedly stole around 1 TB of data related to NATO and the Belgian army.

It is currently unclear what initial access vector Babuk uses, although there are some unconfirmed reports that it can abuse exposed Remote Desktop Protocol services to gain initial access.

Like many other ransomware operators, the group’s members seem to be under the delusion that they are not offenders, identifying themselves as “some kind of cyberpunks [sic]” who perform random penetration testing exercises.

The gang says that, with the exception of private plastic surgery clinics and dental practices, it does not target hospitals or victims with annual sales of under $4 million. It also claims to steer clear of all non-profit charities, except for LGBTQ+ groups or those affiliated with Black Lives Matter, in what could be a hint as to the position of the cybercriminals.

Advice on Recovery

If ransomware infects a computer on your network, it starts to encrypt files, which may include remote files at network locations. Restoring all infected files from their most recent backup is the only guaranteed way to recover from a ransomware infection. To limit the effect of a ransomware infection, Teceze advises the following:

  1. Sensitive data is saved often, in several backup environments.
  2. At least one backup is kept offline (separated from live systems) at any time.
  3. Backups and incident recovery plans are tested to ensure that data can be recovered when necessary.
  4. User account permissions to change data are periodically reviewed and limited to the minimum possible.
  5. Infected devices are removed from the network as soon as possible and shut down.
  6. Any user account credentials that might have been compromised are reset on a clean computer.
  7. Where it is not possible to quarantine infected systems with confidence, the affected entity should disconnect from national networks to limit the spread.

Prevent Your Organization from Cyberattack Today

When it comes to defending your organization from cybercrime and cyberattacks, it can be hard to know where to begin. There is so much information out there that, particularly when the information is contradictory, it can become overwhelming.

For your company and your workers, you need a solution that’s perfect. Contact us today for a no-obligation cybersecurity assessment. We can help kickstart a journey to be healthy.

To find out how we can help you protect your network and avoid cyberattacks, talk to a Teceze cybersecurity specialist today.
