SEPA confirms ransomware attack response following 1.2 GB data theft

January 18, 2021

FEATURED

The Scottish Environment Protection Agency (SEPA) have recently confirmed the manner in which they will continue to respond to an ongoing ransomware attack that was responsible for the theft of 1.2 GB of data.

The cyber-attack took place at 00:01 on December 24 2020 and whilst the attackers responsible are currently unknown, it is thought that an international serious and organised cyber-crime group are responsible.

Ransomware attack & SEPA response

Moments after the attack, continuity arrangements were immediately enacted and the agency’s Emergency Management Team – who are working with the Scottish Government, Police Scotland and the National Cyber Security Centre – have been responding.

SEPA’s confirmed approach to the crime is to to take the best advice from these multi-agency partners in support of its response. In the short-term therefore, certain internal systems and external data products will remain offline; priority regulatory, monitoring, flood forecasting and warning services are continuing to operate.

The official announcement confirmed that:

“Contact centre and web self-help services are being slowly restored, including SEPA’s Floodline, 24 Hour Pollution Hotline and environmental event online reporting.

“Regulatory teams continue to prioritise the most significant environmental events, high hazard sites and sites of community concern.

“Delivery of nationally important flood forecasting and warning products has continued, with flood alerts and warnings being issued within 24 hours of the attack.”

Attackers “intent on disrupting public services and extorting public funds”

Terry A’Hearn, Chief Executive of the Scottish Environment Protection Agency, remarked: “Whilst having moved quickly to isolate our systems, cyber security specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre have now confirmed the significance of the ongoing incident.

“Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
 
To find out more information, read the full press release here.

Read Next

Security Journal UK

Subscribe Now

Subscribe
Apply
£99.99 for each year
No payment items has been selected yet