Ransomware scum infect Comic Relief server: Internal systems taken down

Nothing funny about stealing from a charity

Sad, disappointed-looking baby. Photo by Shutterstock

Comic Relief’s internal systems are down for the third day running after a ransomware attack on one of the charity’s servers on Wednesday.

Founded in 1985 by comedy scriptwriters, the charity behind the UK’s Red Nose Day telethon took down all of its internal systems in the wake of the attack. An email sent on Wednesday to the charity’s staff from Zennon Hannick, its CTO, confirmed that “there has been a ransomware attack on one of Comic Relief’s servers.”

Staffers were told there would "no access to other external systems such as the internet, Citrix or webmail".

Workers at the charity were told to work from home if they needed internet access, which is not expected to be available on the premises until lunchtime today.

“[T]he information held on this server has been encrypted and we cannot access it,” Hannick's email continued.

“However the good news is the files held on this server are only copies of information we hold elsewhere on our network drives. The IT and Data teams along with external specialists are continuing their investigation to ensure we understand all the implications of this attack,” the CTO's email added.

Comic Relief’s systems are completely unable to access the outside world at the moment, although the team is attempting to put in place security measures to restore such access.

Users' passwords have all been expired, and users will be requested to provide a new "strong" password which is more than eight characters long, and includes a mix of upper and lowercase letters, special characters and a number.

Neither Citrix nor Comic Relief had responded to The Register's requests for comment at the time of publication. We'll update when we hear more. ®

Updated at 15:43, September 16 to add: A Comic Relief spokesperson said: "Comic Relief is investigating a criminal ransomware attack on a discrete part of our IT network. We have been working with a specialist cyber security company to assess the situation in detail and are taking proactive steps to augment our security.

"The attack appears to have been isolated and at present we have found no evidence that any information or data has been stolen. However, we are continuing to carry out a thorough forensic investigation of all our IT systems to assess the full extent of the situation and are taking additional precautions to protect the security of all the information that we hold.

“Comic Relief has always taken information security extremely seriously and have worked with cyber security experts to ensure we have the most robust systems and security practices in place to protect our network and the information we hold. These systems are rigorously tested and under constant review to ensure that they continue to evolve to respond to ever-changing cyber threats.

"When we have more details about this matter we will share them with the relevant authorities.”


Biting the hand that feeds IT © 1998–2017