The Higher Council for Scientific Research (CSIC) suffered a cyberattack from Russia on July 16 and 17, as reported by the Ministry of Science and Innovation. The attack, which according to the Ministry has failed to seize data, was detected on July 18, which forced the initiation of a protocol for these cases. To control and resolve the attack, access to the network of various affiliated centers has since been cut off to prevent it from spreading further throughout the CSIC.
In the absence of the final report of the investigation, explains Science and Innovation, the origin of the cyberattack —of the ransomware— comes from Russia, but they assure “that no loss or kidnapping of sensitive and confidential information has been detected”. This attack is similar to that suffered by other research centers such as the Max Planck Institute or NASA in the US, according to the Ministry of Science.
Currently, only a quarter of the CSIC centers have recovered their connection to the Internet as a result of the defense protocol for these cases and they hope that in the next few days it will be restored in the rest.
The attack can be classified as ransomware. This is one of the extortion techniques preferred by cybercriminals in recent years. It consists of getting the victim to be infected with a program that is downloaded to the computer and encrypts the system, to then ask for a reward in exchange for freeing it from kidnapping (ransomware is the contraction of ransom y software, ransom, and computer program in English, respectively). The attacks by ransmoware They have multiplied since the pandemic appeared, according to numerous reports from cybersecurity companies and the National Cybersecurity Institute (Incibe).
Europe has been experiencing a rise in cyberattacks since the Ukraine war began last February. Fearing Russian attacks, Spain raised its cybersecurity alert to level three, out of a scale of five, in March. In addition, a cybersecurity committee was created, led by the National Cryptologic Center (the specific body in the matter that depends on the CNI secret service), under the umbrella of the Crisis Committee activated by the Government at the beginning of the Ukraine crisis.
The problem of the CSIC had been denounced for days by some workers of organizations dependent on the CSIC through Twitter and even in a letter to the director of EL PAÍS. In it, Pablo Chacón Montes, from the Rocasolano Institute of Physical Chemistry (IQFR-CSIC), denounced that the Spanish cybersecurity authorities, CNN and COCS, decided to disconnect the Network after a “minor and localized” attack and, as a consequence, they were inoperative. Juan Antonio Añel Cabanelas, a worker at the EPhysLab associated with the CSIC, described through their social networks of “incompetence to the maximum degree” the situation and explained that he has been using the mobile data of his device for two weeks to be able to work and that the phones do not work either.