SEPA systems knocked offline by 'ongoing' ransomware attack

Critical services such as flood forecasting are still in operation, the agency said.

The Scottish Environmental Protection Agency (SEPA) has confirmed it is responding to an ongoing ransomware attack launched by a highly organised, international cybercrime group.

The cyber-attack was launched on Christmas Eve and has knocked a number of key systems offline since, causing great disruption for the government agency.

Last week, SEPA revealed that business continuity arrangements had been enacted and that it was working closely with the Scottish Government and law enforcement to resolve the issue.

In a statement yesterday (14th January), SEPA confirmed that around 1.2GB of data has been stolen as a result of the ransomware attack.

Currently, exact details on what data has been stolen are unavailable. However, early indications suggest this could be information related to “a number of business areas”, the agency said.

“Some of the information stolen will have been publicly available, whilst some will not have been,” said Terry A’Hearn, Chief Executive of SEPA.

The organisation was keen to insist that services will continue to operate despite the disruption.

“Priority regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.

“Regulatory teams continue to prioritise the most significant environmental events, high hazard sites and sites of community concern,” the agency said.

A’Hearn also revealed SEPA has been working closely with specialists from the National Cyber Security Centre throughout the incident.

“Whilst having moved quickly to isolate our systems, cybersecurity specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre have now confirmed the significance of the ongoing incident,” he said.

“Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”

Some internal systems and external data products remain offline. According to SEPA, the decision was made to protect both the criminal investigation and its computer systems.

Although infected systems have been isolated, the agency warned that recovery “may take a significant period” and that a number of systems will remain “badly affected for some time”.

It is believed that new computer systems will be required as a result of the ransomware attack.