[BreachExchange] Ongoing ransomware attack leaves systems badly affected, says Scottish environment agency

Destry Winant destry at riskbasedsecurity.com
Mon Jan 18 10:54:51 EST 2021


https://www.zdnet.com/article/ongoing-ransomware-attack-leaves-systems-badly-affected-says-scottish-environment-agency/

The Scottish Environment Protection Agency (SEPA) has confirmed that
it was hit by a ransomware attack last month and is continuing to feel
the impact.

SEPA's contact centre, internal systems, processes and internal
communication have all been affected by the attack, which hit on
Christmas Eve. The organisation, which is Scotland's government
regulator for protecting the environment, has also confirmed that
1.2GB of data has been stolen as part of the attack – including
personal information relating to SEPA staff.

Despite the ransomware attack, SEPA's ability to provide flood
forecasting and warning services, as well as regulation and monitoring
services, has continued.

But while the infected systems have been isolated, SEPA's latest
update on the ransomware attack says that recovery will take a
"significant period" and that a number of systems will "remain badly
affected for some time" with entirely new systems required. SEPA has
blamed the ransomware attack on "serious and organised" cyber
criminals.

"Whilst having moved quickly to isolate our systems, cybersecurity
specialists, working with SEPA, Scottish Government, Police Scotland
and the National Cyber Security Centre, have now confirmed the
significance of the ongoing incident," said Terry A'Hearn, Chief
Executive of SEPA.

"Partners have confirmed that SEPA remains subject to an ongoing
ransomware attack likely to be by international serious and organised
cyber-crime groups intent on disrupting public services and extorting
public funds."

While the organisation itself hasn't confirmed what form of ransomware
it has fallen victim to, the cyber-criminal group behind Conti
ransomware has published what it claims to be data stolen from the
Scottish government agency.

Stealing data has become increasingly common for ransomware gangs.
They use the stolen data to double-down on attempts at extortion by
threatening to leak the information if the victim doesn't give in to
the ransom demand of hundreds of thousands, or even millions, of
dollars in bitcoin in exchange for the decryption key.

SEPA hasn't yet detailed how cyber criminals were able to break into
the network to deploy ransomware and the investigation into the
incident is still ongoing.

"We are aware of this incident affecting the Scottish Environment
Protection Agency and are working with law enforcement partners to
understand its impact," an NCSC spokesperson told ZDNet.

Ransomware has become one of the most disruptive and damaging
cyberattacks an organisation can face and cyber criminals show no
signs of slowing down ransomware campaigns because, for now at least,
ransomware gangs are still successfully extorting large payments out
of victims.

