SEPA held to ransom by ‘international’ data thieves


The Scottish Environment Protection Agency (SEPA) has confirmed that it is subject to an ‘ongoing’ ransomware attack which started on Christmas Eve.

SEPA, Scotland’s principal environmental regulator, said 1.2GB of data had been stolen, which it described as equivalent to a small fraction of the contents of an average laptop hard drive.

It said the theft is likely to have been committed by ‘international serious and organised cyber-crime groups’ with such attacks aimed at ‘disrupting public services and extorting public funds’.

It is now working with the Scottish Government, Police Scotland and the National Cyber Security Centre.

Infected systems have been isolated, but it said recovery may take a significant period, with SEPA IT systems, such as email, likely to remain ‘badly affected for some time’.

SEPA functions, such as priority regulation, monitoring, flood forecasting and warning services, are adapting and continuing to operate, it said.

The agency confirmed last week the attack occurred at one minute past midnight on Christmas Eve but ‘business continuity arrangements’ were immediately enacted.

Terry A’Hearn, chief executive of SEPA, said: ‘We have prioritised our legal obligations and duty of care on the sensitive handling of data very seriously which is why we have worked closely with Police Scotland, Scottish Government, the National Cyber Security Centre and specialist cyber security professionals day and night since Christmas Eve.

‘Work continues by cyber security specialists to seek to identify what the stolen data was. Whilst we don’t know and may never know the full detail of the 1.2GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas. Some of the information stolen will have been publicly available, whilst some will not have been,’ he said.

He added: ‘Whilst the actions of serious and organised criminals means that for the moment we’ve lost access to our systems and had information stolen, what we’ve not lost is the expertise of over 1,200 staff who day in, day out work tirelessly to protect Scotland’s environment.

‘Sadly we’re not the first and won’t be the last national organisation targeted by likely international criminals. Cyber-crime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.’

Information stolen includes publicly available regulated site permits, authorisations and enforcement notices, it said.

Other information stolen related to SEPA corporate plans, priorities and change programmes, as well as procurement information and commercial project information.

Personal information relating to SEPA staff has also been stolen, with affected staff notified and given access to specialist advice and services.

Det Insp Michael McCullagh of Police Scotland’s cybercrime investigations unit said: ‘This remains an ongoing investigation. Police Scotland are working closely with SEPA and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident.

‘Enquiries remain at an early stage and continue to progress including deployment of specialist cybercrime resources to support this response. It would be inappropriate to provide more specific detail of investigations at this time.’
