SEPA, the Scottish Environment Protection Agency, has revealed that cyber criminals are trying to extort a ransom after stealing close to 1.2GB of data that included the personal information of staff as well as data associated with ongoing commercial projects.
The ransomware attack on SEPA took place on Christmas Eve and, according to the agency, was likely conducted by “international serious and organised cyber-crime groups” who targeted its contact centre, internal systems, processes and internal communications.
While the ransomware attack was launched to extort a large sum of money from SEPA, it also disrupted public services, including SEPA’s email service, which has remained unavailable since the attack took place. The agency has only been able to restore online pollution and enquiry reporting in the past twenty days.
“Whilst having moved quickly to isolate our systems, cyber security specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre confirm we remain subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.
“It is now clear that with infected systems isolated, recovery may take a significant period. A number of SEPA systems will remain badly affected for some time, with new systems required,” SEPA said.
The agency said that ransomware actors stole at least four thousand internal files, amounting to 1.2GB of data, that included the personal information of staff, procurement information, such as publicly available procurement awards, information about current projects, and business information, such as publicly available regulated site permits, authorisations and enforcement notices, and some information related to SEPA corporate plans, priorities and change programmes.
“We will help businesses meet their environmental obligations and prioritise authorising economic activity. We will continue our risk-based approach to regulation, focusing the most effort on sites or sectors which require oversight or where there is a risk of criminality or organisations seeking to take advantage of the ongoing cyber-attack,” it added.
Terry A’Hearn, the chief executive of SEPA, told the BBC that “partners have confirmed that Sepa remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
“Work continues by cyber security specialists to seek to identify what the stolen data was. Whilst we don’t know and may never know the full detail of the 1.2 GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas. Some of the information stolen will have been publicly available, whilst some will not have been,” he added.