top of page

Hampshire based outsourcing firm Serco hit by ransomware attack

Serco, a multinational outsourcing firm in Hampshire has become the latest victim of a ransomware attack. They are currently supporting the NHS Test and Trace system.


Hampshire-based Serco employs about 50,000 staff and manages over 500 contracts worldwide. The company operates in many sectors, including health, immigration, defence, transport, justice, and citizens' services.

Marcus Deville, Serco spokesperson announced that the incident affected the company's operations in mainland Europe. He added that he believes the crime group operating Babuk ransomware were behind the attack.


An advisory was given to organisations by NHS Digital last month warning them of Babuk ransomware. This particular type of ransomware tries to stop security and recovery services from running, as well as the browser, email programmes and database.


The ransomware then encrypts all non-system files on local and network drives using a ChaCha8 implementation.


Despite the ransomware note from the group behind the attacked saying that they had been lurking inside Serco's network for about three weeks and had already exfiltrated more than one terabyte of data from the compromised systems, Deville said that there was no impact on Serco's UK business, including the Test and Trace system.


Chris White, Head of Cyber and Innovation at The Cyber Resilience Centre for the South East said: A recent study published by security firm Sophos revealed that 51% of all surveyed businesses were hit by ransomware in 2020.

“This is a number that we are continuing to see an increase and only recently it was revealed that the Scottish Environment Protection Agency (SEPA) had become another victim of this awful crime. With the average ransomware demand for a small business being around £4.3k, businesses need to be aware of the basic cyber steps that they can take to strengthen their businesses resilience against the most common types of cyber crime.


“The Cyber Resilience Centre for the South East (SECRC) is a policing-led partnership which is offering businesses in the region the chance to access free guidance and support to improve their cyber resilience. When a business signs up for the SECRC free core membership you receive a useful welcome pack that will provide you with access to national guidance on cyber security, free online resources and toolkits and a tabletop exercise to really test your business’ resilience plans against a cyber-attack. So, what are you waiting for? Sign up at www.secrc.co.uk/membership.”

Comments


NPCC
TVP Logo
Hampshire Police Logo
SEROCU logo
Surrey Police Logo
Sussex Police Logo
Cyber Essentials Logo
Cyber Essentials Plus Logo

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of the South East Cyber Resilience Centre is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The South East Cyber Resilience Centre provides affordable services and Cyber Essential Partners if you need specific support. For specific questions please contact us at enquiries@secrc.police.uk.  The South East Cyber Resilience Centre does not accept any responsibility for any loss that may arise from reliance on information or materials published on this website.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.

© 2022 - 2025 The South East Cyber Resilience Centre

Registered in England & Wales, No. 13263448 

TM

  • Facebook for South East Cyber Resilience Centre
  • LinkedIn for South East Cyber Resilience Centre
  • X for the South East Cyber Resilience Centre
  • Youtube for South East Cyber Resilience Centre
  • Instagram for South East Cyber Resilience Centre
  • RSS feed for South East Cyber Resilience Centre
  • Threads
bottom of page