Threat Actor Targets Outsourcing Firm Serco Via Babuk Ransomware

The outsourcing company responsible for the NHS Test and Trace system in the UK confirmed this week that it was targeted by the threat actors running the recently discovered Babuk ransomware.

Serco, a British services business, manages over 500 contracts globally and employs nearly 50,000 people. It operates in sectors like transport, justice, health, citizen services, immigration, and defense. The firm confirmed to Sky News that it had suffered an attack but said that Test and Trace was not affected. Serco’s spokesperson said its European systems were detached from those in the UK, and therefore the UK system is unaffected by the attack.

Had the Test and Trace system been affected by an attack, it would have added to an increasing number of incidents that have affected the system since its launch in May 2020. Sky News learned about the incident after noticing a sample of the Babuk ransomware uploaded to VirusTotal. The threat actors attached a ransom note addressed to Serco: “We’ve been surfing inside your network for about three weeks and copied more than 1TB of your data”.

“Your partners such as NATO or Belgian Army or anyone else won’t be happy that their secret documents are in free access in the internet”, it further reads. According to reports from security vendor Cyberint, the cybercriminal group doesn’t target schools, hospitals, or companies with annual revenue of less than $4m. The group also claims to steer clear of any non-profit charities, with the exception of LGBTQ+ organizations or those linked with Black Lives Matter.

The NHS Test and Trace system has faced a lot of criticism in the recent past for slow test results and unproductive contact tracing. The government’s move to bring in the private sector to operate it, instead of showing confidence in the local health authorities, has also annoyed many health experts.