Ongoing ransomware attack leaves systems badly affected, says Scottish environment agency

Almost a month on from the initial attack, the Scottish Environment Protection Agency's (SEPA) systems remain offline - and data stolen from the organisation has been published by hackers.

The Scottish Environment Protection Agency (SEPA) has confirmed that it was hit by a ransomware attack last month and is continuing to feel the impact.

SEPA's contact centre, internal systems, processes and internal communication have all been affected by the attack, which hit on Christmas Eve. The organisation, which is Scotland's government regulator for protecting the environment, has also confirmed that 1.2GB of data has been stolen as part of the attack – including personal information relating to SEPA staff.

Despite the ransomware attack, SEPA's ability to provide flood forecasting and warning services, as well as regulation and monitoring services, has continued.

But while the infected systems have been isolated, SEPA's latest update on the ransomware attack says that recovery will take a "significant period" and that a number of systems will "remain badly affected for some time" with entirely new systems required. SEPA has blamed the ransomware attack on "serious and organised" cyber criminals.

"Whilst having moved quickly to isolate our systems, cybersecurity specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre, have now confirmed the significance of the ongoing incident," said Terry A'Hearn, Chief Executive of SEPA.

"Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds."

While the organisation itself hasn't confirmed what form of ransomware it has fallen victim to, the cyber-criminal group behind Conti ransomware has published what it claims to be data stolen from the Scottish government agency.

Stealing data has become increasingly common for ransomware gangs. They use the stolen data to double down on attempts at extortion by threatening to leak the information if the victim doesn't give in to the ransom demand of hundreds of thousands, or even millions, of dollars in bitcoin in exchange for the decryption key.

SEPA hasn't yet detailed how cyber criminals were able to break into the network to deploy ransomware and the investigation into the incident is still ongoing.

"We are aware of this incident affecting the Scottish Environment Protection Agency and are working with law enforcement partners to understand its impact," an NCSC spokesperson told ZDNet.

Ransomware has become one of the most disruptive and damaging cyberattacks an organisation can face and cyber criminals show no signs of slowing down ransomware campaigns because, for now at least, ransomware gangs are still successfully extorting large payments out of victims.
