The UK’s biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.
Eurofins Scientific was infected with a ransomware computer virus a month ago, which led British police to suspend work with the global testing company.
At the time, the firm described the attack as “highly sophisticated”.
BBC News has not been told how much money was involved in the ransom payment or when it was paid.
The National Crime Agency (NCA) said it was a “matter for the victim” as to whether a ransom had been paid.
The agency, which is investigating the attack, said: “As there is an ongoing criminal investigation, it would be inappropriate to comment.”
Eurofins previously said the attack was “well-resourced” but three weeks later said its operations were “returning to normal”.
It said it would also not comment on whether a ransom had been paid or not.
It added it was “collaborating with law enforcement” in the UK and elsewhere.
The ransomware attack hit the company, which accounts for over half of forensic science provision in the UK, on the first weekend in June.
Ransomware is a computer virus that prevents users from accessing their system or personal files. Messages sent by the perpetrators demand a payment in order to unlock the frozen accounts.
Eurofins deals with over 70,000 criminal cases in the UK each year.
It carries out DNA testing, toxicology analysis, firearms testing and computer forensics for police forces across the UK.
Forensic science work has been carried out by private firms and police laboratories in England and Wales since the closure of the government’s Forensic Science Service in 2012.
‘Court hearings postponed’
An emergency police response to the cyber-attack was led by the National Police Chiefs’ Council (NPCC) to manage the flow of forensic submissions so DNA and blood samples which needed urgent testing were sent to other suppliers.
It has led to delays in forensic science provision and is understood to have caused some court hearings to be postponed because information on the results of analysis conducted by Eurofins was not accessible.
The ransom is likely to have been paid between 10 June, when Eurofins issued a lengthy statement about the attack, and June 24 when it published an optimistic update, saying it had “identified the variant of the malware used” in the attack and had strengthened cyber-security.
It said: “We are continuing to work intensively with leading cybersecurity experts to further secure our current systems and infrastructure and to add enhanced security features and measures to protect our systems and data.”
“The investigations conducted so far by our internal and external IT forensics experts have not found evidence of any unauthorised theft or transfer of confidential client data.”
The NPCC refused to comment on the ransom payment but police sources said “excellent progress” had been made in dealing with the fall-out of the cyber attack.
Police and law enforcement agencies in the UK are still not submitting new samples to Eurofins for analysis but the company says it is working towards giving them the assurances they need for fresh work to restart.
The Crown Prosecution Service said: “We are working to make sure all hearings remain fair and based on reliable evidence. While investigations are ongoing, prosecutors will assess the impact on a case by case basis.
“Cases where forensic evidence does not play a major role will continue as usual if all parties agree.
“If test results provided by Eurofins are central, we will seek to adjourn cases for the shortest possible period.”
Eurofins is the third major forensic science problem to hit law enforcement following the collapse of Key Forensic Services and a criminal investigation into alleged irregularities at Randox Testing.