Cybercriminals Publish Digital Files Stolen from Sepa
The Scottish Environment Protection Agency (Sepa) revealed that the criminals behind the ransomware cyber-attack on Christmas Eve had published some of the stolen data online.
At least 4,000 files, amounting to 1.2 GB of data, may have been stolen, and about 1,000 people have looked at the documents. Sepa said that the theft of the digital files was equivalent to the contents of an average laptop hard drive.
Sadly for Sepa, this is far from over. By the looks of the files that the hackers stole and encrypted, Sepa will have loads of work ahead to recover important documents and spreadsheets from backups and rebuild its records.
The attack locked Sepa’s email and contact center, but Sepa said that its warning services were trying to adapt and operate.
Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group.
Sepa chief executive Terry A’Hearn said, “We have witnessed a sophisticated and significant cyber-attack. We have made our legal obligations, and have also taken Police Scotland’s advice. We are confirming that stolen data has been illegally published online.”
The agency also said that although stolen data had now been illegally published and work to find out more was underway, it does not yet know, and may never know, the complete detail of the information stolen.
Terry A’Hearn added, “We are working quickly with multi-agency partners to recover the data.”
The data has been put on the dark web, a part of the internet associated with criminals that is accessible through specialized software.
Sepa chief executive Terry A’Hearn further added, “We’ve been clear that we won’t use public finance to pay serious and organized criminals.” He said that staff had been contacted based on the information available and were being supported, and that a dedicated data loss support website and a Police Scotland guidance support line were available for regulated business.
Terry A’Hearn added, “Sadly we’re not the first and won’t be the last national organization targeted by likely international crime groups. Despite the fact that we have lost access to most of our systems, including things as basic as our email system, what we have not lost is our 1,200 expert staff. Through their knowledge, skills, and experience we have adapted and have continued to provide regulatory, flood forecasting and warning services.”
He further said, “Though our organization has been adversely affected, we are trying to recover. We will issue an update on service delivery and recovery early next week, with weekly updates.”
Police Scotland also advised that organizations or individuals should avoid searching for the stolen information, as this may place them and their computers at risk.
Michael McCullagh, Detective Inspector of Police Scotland’s Cybercrime Investigations Unit, said, “We are working with SEPA and the UK law enforcement community to investigate the incident.”
The inquiry into the incident is still at an early stage but is progressing with the deployment of specialist cybercrime resources.