SEPA continues to assess fallout from ransomware attack

The Scottish Environment Protection Agency (SEPA) is continuing to count the cost of an ongoing ransomware attack that it believes is likely to be by international serious and organised cyber-crime groups. The agency also confirmed the theft of 1.2 GB of data and the support available to staff and affected partners, while seeking to reassure the public that regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.

The agency confirmed that following the attack at 00:01 on Christmas Eve, business continuity arrangements were immediately enacted and the agency’s emergency management team was working with Scottish Government, Police Scotland and the National Cyber Security Centre to respond to what is complex and sophisticated criminality.

SEPA says that it has become clear that with infected systems isolated, recovery may take a significant period. A number of systems will remain badly affected for some time, with new systems required. Email systems remain impacted and offline. Information submitted to SEPA by email since Christmas Eve is not currently accessible and whilst online pollution and enquiry reporting has now been restored, information submitted in the early stages of the attack is currently not accessible.

Despite systems being certified to UK Government security standards, cyber security specialists have also identified the loss of around 1.2GB of data. Whilst, by comparison, this is the equivalent to a small fraction of the contents of an average laptop hard drive, indications suggest that at least four thousand files may have been accessed and stolen by criminals.

Terry A’Hearn, SEPA chief executive, said: “We have prioritised our legal obligations and duty of care on the sensitive handling of data very seriously which is why we have worked closely with Police Scotland, Scottish Government, the National Cyber Security Centre and specialist cyber security professionals day and night since Christmas Eve.”

“Work continues by cyber security specialists to seek to identify what the stolen data was. Whilst we don’t know and may never know the full detail of the 1.2GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas. Some of the information stolen will have been publicly available, whilst some will not have been.”

Among the potential compromised information are details relating to businesses, procurement, projects, and staff. SEPA says that staff members affected to date have been notified, are being supported and are being given access to specialist advice and services. Support, including specialist advice from Police Scotland and mitigation services, is also being offered to staff across the organisation.

A’Hearn added: “Whilst the actions of serious and organised criminals means that for the moment we’ve lost access to our systems and had information stolen, what we’ve not lost is the expertise of over 1,200 staff who day in, day out work tirelessly to protect Scotland’s environment.

“Sadly, we are not the first and won’t be the last national organisation targeted by likely international criminals. Cyber-crime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.”

    Share Story:

Recent Stories

Are property insurers ready for timber
The Structural Timber Association is gearing up to help all stakeholders in the construction supply chain to fully appreciate the advantages of building in timber, how to deliver such projects and most importantly to understand and manage the risks.

The changing face of BC and WAR
The working environment has changed quite dramatically for many over the last six months. With social distancing and the rise of homeworking, it is not just how businesses operate that has changed, but also how they recover. In this podcast we discuss some of the challenges created by the quick shift to home working, why the office may not have seen its last days and how the current environment can impact the ability of a business to recover.