SEPA continues to assess fallout from ransomware attack

The Scottish Environment Protection Agency (SEPA) is continuing to count the cost of an ongoing ransomware attack that it believes is likely to be by international serious and organised cyber-crime groups. The agency also confirmed the theft of 1.2 GB of data and the support available to staff and affected partners, while seeking to reassure the public that regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.

The agency confirmed that following the attack at 00:01 on Christmas Eve, business continuity arrangements were immediately enacted and the agency’s emergency management team was working with Scottish Government, Police Scotland and the National Cyber Security Centre to respond to what is complex and sophisticated criminality.

SEPA says that it has become clear that with infected systems isolated, recovery may take a significant period. A number of systems will remain badly affected for some time, with new systems required. Email systems remain impacted and offline. Information submitted to SEPA by email since Christmas Eve is not currently accessible and whilst online pollution and enquiry reporting has now been restored, information submitted in the early stages of the attack is currently not accessible.

Despite systems being certified to UK Government security standards, cyber security specialists have also identified the loss of around 1.2GB of data. Whilst, by comparison, this is the equivalent to a small fraction of the contents of an average laptop hard drive, indications suggest that at least four thousand files may have been accessed and stolen by criminals.

Terry A’Hearn, SEPA chief executive, said: “We have prioritised our legal obligations and duty of care on the sensitive handling of data very seriously which is why we have worked closely with Police Scotland, Scottish Government, the National Cyber Security Centre and specialist cyber security professionals day and night since Christmas Eve.”

“Work continues by cyber security specialists to seek to identify what the stolen data was. Whilst we don’t know and may never know the full detail of the 1.2GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas. Some of the information stolen will have been publicly available, whilst some will not have been.”

Among the potential compromised information are details relating to businesses, procurement, projects, and staff. SEPA says that staff members affected to date have been notified, are being supported and are being given access to specialist advice and services. Support, including specialist advice from Police Scotland and mitigation services, is also being offered to staff across the organisation.

A’Hearn added: “Whilst the actions of serious and organised criminals means that for the moment we’ve lost access to our systems and had information stolen, what we’ve not lost is the expertise of over 1,200 staff who day in, day out work tirelessly to protect Scotland’s environment.

“Sadly, we are not the first and won’t be the last national organisation targeted by likely international criminals. Cyber-crime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.”

    Share Story:

Recent Stories

Cyber physical risks
Property damage as a consequence of cyber attack is often excluded from standard property policies, but as the industrial internet of things expands, so too do the risks. This podcast examines the evolving threat landscape. Published October 2021

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021