SEPA presented with ransom demand following Christmas Eve ransomware attack

SEPA, the Scottish Environment Protection Agency, has revealed that cyber criminals are trying to extort a ransom after stealing close to 1.2GB of data that included the personal information of staff as well as data associated with ongoing commercial projects.

The ransomware attack on SEPA took place on Christmas Eve and, according to the agency, was likely conducted by "international serious and organised cyber-crime groups" who targeted its contact centre, internal systems, processes and internal communications.

While the ransomware attack was launched to extort a large sum of money from SEPA, it also disrupted public services, including SEPA's email service which has remained unavailable since the attack took place. The agency has only been able to restore online pollution and enquiry reporting in the past twenty days.

"Whilst having moved quickly to isolate our systems, cyber security specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre confirm we remain subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.
"It is now clear that with infected systems isolated, recovery may take a significant period. A number of SEPA systems will remain badly affected for some time, with new systems required," SEPA said.

The agency said that ransomware actors stole at least four thousand internal files, amounting to 1.2GB of data, that included the personal information of staff, procurement information, such as publicly available procurement awards, information about current projects, and business information, such as publicly available regulated site permits, authorisations and enforcement notices, and some information related to SEPA corporate plans, priorities and change programmes.

"We will help businesses meet their environmental obligations and prioritise authorising economic activity. We will continue our risk-based approach to regulation, focusing the most effort on sites or sectors which require oversight or where there is a risk of criminality or organisations seeking to take advantage of the ongoing cyber-attack," it added.

Terry A'Hearn, the chief executive of SEPA, told the BBC that "partners have confirmed that Sepa remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds."

"Work continues by cyber security specialists to seek to identify what the stolen data was. Whilst we don't know and may never know the full detail of the 1.2 GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas. Some of the information stolen will have been publicly available, whilst some will not have been," he added.

Copyright Lyonsdown Limited 2020
