Over Christmas, Aspiration Training suffered a ransomware attack on part of our network in one of our data centres. The network was isolated, and data was recovered.
We immediately informed the ICO, Action Fraud and the National Cyber Crime division, and the police. We are following ICO requirements, and we continue to work with all relevant agencies as part of our ongoing investigation.
At this stage, we are aware that the attackers managed to penetrate a small area of our network, although our data is encrypted, we cannot be sure that the attackers did not access and download a small amount of data.
It is an unfortunate statistic that roughly 40% of organisations in the UK will be targeted by a cyber-attack daily. These attacks are conducted by determined criminals with sophisticated software and use the dark web to conduct their activity.
As part of our organisational risk planning, a ransomware attack had been identified as a risk to our business and we had operational and business continuity plans in place. Undoubtedly our speed of response to the incident and implementing our disaster recovery plan, enabled us to contain the situation, robustly defend our systems against further attack and reduce the impact of the initial activity. Our systems were operational again with minimal impact and downtime.
As an organisation we are accredited as Cyber Essentials Plus, however, it is a sad fact of life that cyber criminals still find ways of breaking in and stealing data. Our investigation into the ransomware attack is still ongoing and we are working diligently to identify the specific details of the data impacted. For further assistance please contact our dedicated support team at [email protected]
