Scottish social care organisation falls victim to ransomware gang
A Scottish social care organisation that provides services to the homeless has fallen victim to a “sickening” cyber attack that has seen thousands of its files – including the personal information of employees and clients – posted online.
Glasgow-based Aspire, which works with vulnerable groups across the city, has been targeted by a ransomware gang which dumped a vast tranche of its corporate information on a dark web forum, after the organisation refused to pay its ransom demand.
And it emerged that the ransomware group – Conti – is the same that hit the Scottish Environment Protection Agency (SEPA) in a devastating Christmas Eve hack, which left the organisation locked out of its network and from which it is still recovering.
The latest incident is part of a global surge in so-called ‘big game hunting’ ransomware attacks, which target organisations by revenue size in order to maximise profits in a lucrative criminal enterprise that has capitalised on corporate IT vulnerabilities during the Covid-19 pandemic.
Police said this afternoon that the incident was believed to have occurred on April 2 and was reported to them a day later, triggering a multi-agency response.
Detective Inspector Michael McCullagh, Cybercrime Investigations Unit, Police Scotland said: “We are investigating a cyber incident at Aspire, Glasgow, which was reported to police on Saturday, 3 April, 2021.
“Enquiries are ongoing and we are working closely with Aspire, their IT support, and the wider UK Cyber Law Enforcement network.
“We are aware of the publication of data and are supporting Aspire to help those affected by the sickening actions of these criminals. This continues in conjunction with Police Scotland’s Cyber Harm Prevention colleagues.”
The Conti gang released 19,571 files belonging to Aspire – which is an employee-owned organisation – on its underground web ‘blog’, on which it warns in broken English: “If you are a client who declined the deal and did not find your data on cartel’s website or did not find valuable files, this does not mean that we forgot about you, it only means that data was sold and only therefore it did not publish in free access!”
Among the files – which we are choosing not to publish – contain private details of employees’ salaries, personal details of clients in receipt of services and email correspondence between senior members of the organisation, including its chief executive and senior management team.
The ransomware attackers published 100% of Aspire’s data on Friday April 23, around three weeks after the attack, which follows a similar pattern to how they deployed the so-called ‘double extort’ technique against SEPA. This method involves shutting the victim out of its network, and stealing data to exact additional leverage in trying to force payment, usually demanded in Bitcoin.
Ultimately, the attempt more than likely failed as only successful extortions go unpunished in releasing stolen data of victims.
Jude McCorry, chief executive of the Scottish Business Resilience Centre (SBRC), said: “There are many ways including ransomware a business can experience a cyber security incident, with varying levels of complexity and disruption. Cyber incidents can occur through deliberate targeting, or even human error, the end result is the same, a disruptive effect on business operations.
At SBRC, we are working in partnership with Police Scotland and Scottish government running the UK’s first collaborative cyber incident response helpline for organisations in Scotland.
“If you think that you are a victim of a cyber attack your first call should be to Police Scotland on 101 to report the crime (whilst respecting your IT systems as a crime scene) and our incident response helpline on 01786 437472, we will assist you with immediate support and expert guidance, and ensure you are speaking to the correct agencies and organisations to help you feel supported and get you back in operation securely.”
Why a digital-led approach to revision can bridge the gap between the classroom and at-home learning
Over the last year, the education sector has had to pivot to embrace technology and digital innovation in a way that we would have never imagined in a pre-pandemic world….
Online Scottish history resources are helping to lay the ghost of an ‘educational scandal’ to rest
As a history teacher at Leith Academy in Edinburgh, Jesanna Gooch has worked tirelessly to engage her students’ interest in Scottish history. She quickly realised utilising more contemporary mediums was…
Working as ‘one team’
I often read in tenders that organisations are “seeking a strategic partnership” – but unfortunately, once the contracts are signed, the relationship often reverts back to one of a supplier…
A year to prepare our young people to change the world
This month, Greta Thunberg: A Year to Change the World has been broadcast across our screens. Thunberg hardly needs an introduction however the 18-year-old, who has been leading the climate…
Making the grade: blended vs face-to-face learning?
As children and young people begin to return to school to engage again in face-to-face learning, the sighs of relief are many. From teachers, who can get back to something…
Building our economic recovery around life sciences
In just under a month, Scottish voters will go to the polls to elect the next Scottish government and regardless of who is returned to St Andrews House they will…
From bench to bedside
Edinburgh academics support digital health innovation from germ of idea to effective treatment The Covid-19 pandemic has forced the world to challenge traditional ways of working, innovate and accelerate transformation,…
Building Scotland’s reputation on the world stage for data and AI
The Data Lab is helping startups develop cutting-edge tech – fit for the pandemic. It’s been a difficult year for every aspect of our society, with the wider implications of…