Date: 2022-08-01

Pablo Chacón Montes is on the staff of the CSIC; specifically, he is the principal investigator of his Structural Bioinformatics research group. Today he made the news with a ‘letter to the editor’ published in the ABC newspaper, entitled ‘Incredible but true’, in which he revealed that the organization (remember, the main scientific research body in Spain) has been without Internet access (or telephone) for two weeks, due to a cyberattack…

…and no one in charge has yet put forward a possible date for restoring that access. According to the letter, the “sine die” disconnection was a decision made, as is usual in these cases, by the two main cybersecurity authorities in the country: the CCN (National Cryptologic Center, dependent on the CNI) and the COCS (Cybersecurity Operations Center, dependent on the First Vice President of the Government).

Chacón was not the first researcher to speak publicly on the subject (several had already mentioned the incident on social networks, in tweets that drew little attention), but he was the first to bring the issue to the mainstream media:

“Shameful, the main research agent is inoperative and nobody cares. Research projects delayed, communications cut, CSIC administration blocked, thousands and thousands of euros in losses. A cut of these characteristics is unthinkable in centers such as EMBL, CNRS, POT…”.

Attack of #ransonware in @csic which has us already 2 weeks without internet access. Can you imagine that this would happen in a large company, like this, an electric company? It would be in all the newspapers. But no, we are only 11,000 workers (more stays, etc…) — Aitana (@AitanaTamayo) August 1, 2022

“We have suffered a ransomware attack. […] Services are being shielded to avoid repetitions [of the attack]”, explains Antonio Turiel, from the Institute of Marine Sciences of the CSIC. Another researcher, Germán Tortosa, from the Zaidín Experimental Station, elaborates:

“The computer colleagues explained the situation to us: the attack was contained by disconnecting us all at the same time and now they are checking all the CSIC equipment one by one, which is not done quickly. They asked us for patience”.

They saw it coming… and even so, the researchers have to resort to their mobile data plans

Nine days ago, the Crónica Global newspaper already reported that the CSIC had been the target, over the weekend of July 15 to 17, of a ransomware cyberattack that had brought down the organization’s electronic headquarters, led to the cutting of the private network that connects its centers with the Madrid headquarters (with the aim of serving as a ‘firewall’), and left several of the websites of the entities dependent on the CSIC inaccessible.

Good time for them to attack the data network of the @csic and cut off all connection with our servers in @C_Astrobiology. That’s where the data stays @ESA_Webb… – Pablo Pérez González (@PGPerezGonzalez) July 24, 2022

Now, at the start of August, the websites all seem to have been recovered, but connectivity is still conspicuously absent (researchers continue to use their mobile data connections). And the problems go much further. According to David Arroyo, former system administrator and researcher at the Cryptography and Information Security Research Group (GiCSI):

“The problem is that there is no access to the computing structure deployed on the SGAI infrastructure [Secretaría General Adjunta de Informática]”.

This computing structure is necessary for conducting scientific simulations. In addition, Arroyo himself explains why the CSIC cannot pretend to be surprised by what happened:

“It is not the first ransomware-type attack that the CSIC has received. In fact, at the beginning of the Russian invasion of Ukraine we were told to ‘turn off the computers for the weekend’. That order was already an indication that there was a problem with early threat detection services. How can it be understood that in the face of a notice of this nature, the installation of the EDR systems that are now being deployed quickly and running will not be carried out?”

Neither the CCN, the COCS nor the CSIC officially confirmed the existence of the cyberattack two weeks ago, and they have not so far commented on the disconnection of the network at the scientific body. Nor have we, after contacting them, received any comment from them on this matter. We will update this piece if the situation changes.