A ransomware and data theft cyberattack on Scotland’s environmental agency is continuing to blight operations almost a month since it was targeted by online criminals.
The Scottish Environment Protection Agency (SEPA) has confirmed it is still working to resolve a significant cyberattack which brought its systems down on Christmas Eve.
The agency – which is responding to ‘complex and sophisticated criminality’ with support from the National Cyber Security Centre (NCSC), Police Scotland and Scottish Government – has revealed that the source of the attack is likely to be ‘by international serious and organised cyber-crime groups’.
The amount demanded in the ransomware element of the attack has not been revealed, but the agency has confirmed that 1.2 gigabytes of data was stolen from its systems. Whilst this is, by comparison, equivalent to a small fraction of the contents of an average laptop hard drive, at least four thousand files may have been accessed and stolen by criminals.
Although the agency does not know – and may never know – the full detail of the information stolen, early indications suggest that the theft related to the following business areas:
- Business information, such as publicly available regulated site permits, authorisations and enforcement notices. Some information related to SEPA corporate plans, priorities and change programmes.
- Procurement information, such as publicly available procurement awards.
- Project information related to our commercial work with international partners.
- Staff information, including personal information, with limited sensitive data having been accessed.
The agency has also confirmed that with infected systems isolated, recovery may take a “significant period”. A number of SEPA systems will remain badly affected for some time, with new systems required, it said in a statement.
Email systems remain impacted and offline, and information submitted to SEPA by email since Christmas Eve is not currently accessible. Whilst online pollution and enquiry reporting has now been restored, information submitted in the early stages of the attack is currently not accessible.
Support has been made available to staff and affected partners, and the agency is reassuring the public that priority regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.
The matter is subject to a live criminal investigation and the duty of confidence is embedded in law. The agency confirmed last week that following the attack at 00:01 Hrs on Christmas Eve, business continuity arrangements were immediately enacted, and the agency’s Emergency Management Team was working with Scottish Government, Police Scotland and the National Cyber Security Centre to respond to what is complex and sophisticated criminality.
SEPA said its approach continues to be to take the ‘best professional advice from the multi-agency partners’, including Police Scotland and cyber security experts, to support its response. The agency advised that, for the time being, it needed to protect the criminal investigation and its systems. Consequently, some internal systems and external data products will remain offline in the short term.
Terry A’Hearn, Chief Executive of the Scottish Environment Protection Agency, said: “Whilst having moved quickly to isolate our systems, cyber security specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre have now confirmed the significance of the ongoing incident. Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
“We have prioritised our legal obligations and duty of care on the sensitive handling of data very seriously,” said A’Hearn, adding, “which is why we have worked closely with Police Scotland, Scottish Government, the National Cyber Security Centre and specialist cyber security professionals day and night since Christmas Eve.”
He added: “Staff members affected to date have been notified, are being supported and are being given access to specialist advice and services. Support, including specialist advice from Police Scotland and mitigation services, is also being offered to staff across the organisation.”
He said: “Whilst the actions of serious and organised criminals means that for the moment, we’ve lost access to our systems and had information stolen, what we’ve not lost is the expertise of over 1,200 staff who day in, day out work tirelessly to protect Scotland’s environment.
“Sadly, we’re not the first and won’t be the last national organisation targeted by likely international criminals. Cyber-crime is a growing trend. Our focus is on supporting our people, our partners, protecting Scotland’s environment and, in time, following a review, sharing any learnings with wider public, private and voluntary sector partners.”
Detective Inspector Michael McCullagh of Police Scotland’s Cybercrime Investigations Unit said: “This remains an ongoing investigation. Police Scotland are working closely with SEPA and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident. Enquiries remain at an early stage and continue to progress including deployment of specialist cybercrime resources to support this response. It would be inappropriate to provide more specific detail of investigations at this time.”
In a recent interview with FutureScot, Ciaran Martin, who stepped down last year as the Chief Executive of the National Cyber Security Centre (NCSC), said that ransomware attacks such as this were his biggest cyber fear. When asked where the gaps in cyber security defences are, he said: “I never lost any sleep over the big nation state attacks because you have to accept that there are going to be attacks and our job is to repel them as best as we can. The things I always worried most about was ransomware in small but important organisations, such as health boards or local authorities. There are too many organisations that do important things like provide vital public services that are too susceptible to being extorted by criminal gangs. If they lose access to their networks, then there’s big trouble.”