A provider of social housing based in the UK has suffered a ransomware attack by the prolific ransomware strain Sodinokibi, otherwise known as REvil.
Housing association Flagship Group revealed the incident after taking almost all of its systems offline. The group said it had acted quickly but some personal customer and staff data has been compromised.
In a statement, the group – which owns more than 30,000 homes in the east of England – said the malicious activity was caused by the well-known ransomware strain Sodinokibi, via a suspected phishing attack.
A spokesperson said the group does not yet have a “complete picture of all the data that has been encrypted.”
The housing group says a “detailed forensic analysis” has been conducted and it is working towards recovery of its systems. It adds that with the help of law enforcement, “We have been able to restore several internal systems and are now working towards resuming normal operations as quickly as possible.”
Many of the group’s systems were still offline as of this morning (10th November).
Sodinokibi (REvil) encrypts important files and demands ransom to decrypt them. Earlier this year REvil published passport scans of staff from British company Elexon; was identified targeting hospital VPNs; and claimed to possess files from American celebrity lawyer Allen Grubman’s computer systems.
David McQuade, chief executive of Flagship Group, said: “Over the past few days, the incident has caused considerable disruption to our staff and customer services and we are concentrating on emergency situations, to ensure our customers are safe. Our teams are working tirelessly around the clock to bring our systems back online, and we apologize for any inconvenience this may have caused.”
Flagship Group notified the Information Commissioner’s Office (ICO), Action Fraud and the Regulator of Social Housing, and contacted the National Cyber Security Centre and National Crime Agency for guidance.