SEPA ransomware cyber attack data published online

The Scottish Environment Protection Agency (SEPA) has provided a further update on the ongoing ransomware cyber attack which has hit theorganisation since Christmas Eve.

SEPA reiterated it will not engage with “criminals intent on disrupting public services and extorting public funds.”

The environmental regulator confirmed that data stolen by “what was likely to be international serious and organised cyber-crime groups” has now been illegally published online.

At least four thousand files may have been stolen by the criminals involved.

“Supported by Scottish Government, Police Scotland and the National Cyber Security Centre, we continue to respond to what remains a significant and sophisticated cyber-attack and a serious crime against SEPA” said SEPA CEO Terry A’Hearn.

“We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.

“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online.

“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”

Detective Inspector Michael McCullagh of Police Scotland’s Cybercrime Investigations Unit said: “This remains an ongoing investigation.

“Police Scotland are working closely with SEPA and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident.

“Enquiries remain at an early stage and continue to progress including deployment of specialist cybercrime resources to support this response.

“It would be inappropriate to provide more specific detail of investigations at this time.”

Scottish Business Resilience Centre CEO Jude McCorry said: “There are many ways including ransomware a business can experience a cyber security incident, with varying levels of complexity and disruption.

“Cyber incidents can occur through deliberate targeting like we have seen with SEPA, or even human error, the end result is the same, a disruptive effect on business operations.

“At SBRC we are working in partnership with Police Scotland and Scottish government running the UK’s first collaborative cyber incident response helpline for organisations in Scotland.”