The attack was only discovered on July 18, but was unsuccessful, according to the Ministry of Science. The attackers failed to extract data. It was discovered on July 18 that there had been a cyberattack. Therefore, the protocol for these cases was immediately activated.
Internet access closed
To contain and resolve the attack, Internet access to several affiliated centres has since been cut off. This is to prevent the attack from spreading further through the departments of the CSIC.
The final report of the investigation has not yet been completed. But according to the ministry, the attack – of the ransomware type – comes from Russia. It is said to be “certain that no loss or kidnapping of sensitive and confidential information has been discovered”.
El País writes based on statements from the ministry that this attack is similar to that of other research centres such as the Max Planck Institute or NASA in the US.
Currently, only a quarter of CSIC centres have restored their connection to the Internet as a result of the defence protocol for these cases. This will be fixed in the coming days.
Ransomware as an extortion technique
Ransomware is one of the extortion techniques liked by cybercriminals in recent years. The victim is infected with a program that is downloaded to the computer and encrypts the system. It then asks for a reward in exchange for being free from kidnapping (ransomware is the contraction of ransom and software, ransom and computer program respectively in English).
According to numerous reports from cybersecurity firms and the National Cybersecurity Institute (Incibe), the number of ransomware attacks has increased since the outbreak of the pandemic.
Cyber security alert in Spain at level 3
Europe has seen an increase in cyber-attacks since the start of the Ukraine war in February. Fearing Russian attacks, Spain raised its cybersecurity alert to level three, on a scale of five, in March. In addition, a cybersecurity committee was established. This was led by the National Cryptological Centre (the specific body in the case that relies on the secret service CNI).
The issue of the CSIC was denounced on Twitter by some employees of organisations that depended on the CSIC. It was not understood why the cybersecurity authorities, CNN and COCS decided to disconnect the network after what they described as a “minor and localised” attack.