Weeks after a cybersecurity incident was detected by researchers at the US National Science Foundation (NSF), a number of telescopes remain offline.

The Gemini North telescope in Hawaii and the Gemini South telescope in Chile, as well as a number of smaller telescopes on the mountains of Cerro Tololo in Chile, were shut down out of "an abundance of caution", and there is currently no word on when they will return to operation.

On the morning of August 1, IT staff at NSF's NOIRLab detected suspicious activity in its computer systems, prompting a decision to shut down operations at its giant, 8.1-meter diameter optical infrared telescopes on Hawaii's Maunakea to be safe.

The telescope's southern 'twin' in the Chilean Andes was already being prepared for maintenance, requiring little action.

While it's not clear what danger – if any – the telescopes themselves might have faced, the threat is a reminder of the fact that science is a costly business, with astronomical research facilities requiring annual budgets that easily run into the millions.

Each day the facilities remain inaccessible to researchers comes at a cost to the science community, not just in terms of finance, but in lost data.

Astronomical studies often require precisely timed operations, so disruptions like these can potentially ruin entire research projects if enough critical observation windows are missed.

This is one of the first ransomware breaches on a science research facility, but hacks into astronomical facilities aren't unheard of.

In October 2022, for instance, hackers accessed the Atacama Large Millimeter Array Observatory in Chile via a VPN, forcing months of shutdown that cost the facility roughly US$250,000 a day.

The "particularly sophisticated" intrusion was a suspected ransomware attack, and it's believed its goal had been to extort money from the observatory's consortium of operators.

Several years before that, an unauthorized Raspberry Pi connected to computers at NASA's Jet Propulsion Laboratory provided illicit access to the Deep Space Network, prompting the Johnson Space Center to disconnect its own mission systems from the gateway altogether.

As scientific infrastructure for studying the Universe grows in size and complexity and projects expand in scale, more funding will need to go into protecting the information technology at its core as attacks become more sophisticated.

There's no official word on what might have prompted the recent NOIRLab incident.

"Quite possibly, the attacker doesn't even know they are attacking an observatory," retired lead of the NSF Cybersecurity Center of Excellence, Von Welch, told Science Magazine's Celina Zhao and Tanvi Dutta Gupta.