The Higher Council for Scientific Research (CSIC) suffered a cyber attack from Russia on July 16-17, the Ministry of Science and Innovation reported. The attack, which the ministry said no data was seized, was discovered on July 18, forcing a protocol to be initiated for these cases. In order to control and resolve the attack, access to the network of various affiliated centers has since been blocked to prevent further spread throughout the CSIC.
In the absence of the final report of the investigation, Science and Innovation explains the origin of the cyber attack – the ransomware– is from Russia but assures “no loss or hijacking of sensitive and confidential information has been detected”. This attack is similar to that suffered by other research centers such as the Max Planck Institute or NASA in the US, according to the Ministry of Science.
Currently only a quarter of the CSIC centers have restored their connection to the internet due to the defense protocol for these cases and they hope that it will be restored in the rest in the next few days.
The attack can be classified as ransomware. This is one of the extortion techniques preferred by cyber criminals in recent years. It consists in infecting the victim with a program that is downloaded onto the computer and encrypts the system, and then demands a reward for freeing it from the hijack (ransomware is the contraction of hostage Y software, ransom and computer program in English). The attacks of ransomware They have multiplied since the outbreak of the pandemic, according to numerous reports from cybersecurity companies and the National Cybersecurity Institute (Incibe).
Since the start of the Ukraine war last February, Europe has seen an increase in cyber attacks. Fearing Russian attacks, Spain raised its cybersecurity alert from a scale of five to level three in March. In addition, a cybersecurity committee was set up under the umbrella of the Crisis Committee set up by the government at the start of the Ukraine crisis, headed by the National Cryptological Center (the specific body on the matter that depends on the CNI intelligence agency).
The problem of the CSIC was denounced for days by some employees of the organizations dependent on the CSIC via Twitter and even in a letter to the director of EL PAÍS. In it, Pablo Chacón Montes of the Rocasolano Institute of Physical Chemistry (IQFR-CSIC) denounced that Spanish cybersecurity agencies CNN and COCS had decided to disconnect the network after a “minor and localized” attack and as a result they were out of service. Juan Antonio Añel Cabanelas, a collaborator at CSIC-affiliated EPhysLab, described through their social networks of “highest incompetence” the situation and explained that he has been using his device’s mobile data to be able to work for two weeks and that the phones are not working either.