International crime group behind SEPA cyber-attack, police say

An “international serious organised crime group” was likely responsible for the December 2020 cyber-attack against the Scottish Environment Protection Agency (SEPA), it has emerged.

According to findings published today (27 October) by Police Scotland and the Scottish Business Resilience Centre (SBRC), the attack also “displayed significant stealth and malicious sophistication”.

SEPA’s digital systems were held under attack on Christmas eve last year, which continued into January.

The agency confirmed criminals were demanding a ransom to unlock its digital systems, and that 1.2GB of data had been stolen despite being “certified to UK Government security standards”.

SEPA confirmed that it did not respond to the ransom request left.

‘Awful crime’

Terry A’Hearn, chief executive at SEPA, explained that he commissioned the audits into the attack as he believed it was its “responsibility as a public agency”.

“In the face of this awful crime, I am immensely proud of the way our team has coped and responded.” – Terry A’Hearn, chief executive, SEPA

He explained: “Unfortunately, our story is not unique. Cybercrime has rapidly expanded around the world.

“In the face of this awful crime, I am immensely proud of the way our team has coped and responded. We have delivered high-priority services to protect Scotland’s environment and started building all our services up in new and better ways. In the end, we will have fast-tracked major reforms we had set out to do anyway.

“The audits make it clear we were well protected but that no cyber security regime can be 100% secure. A number of learnings have been identified that will help SEPA further improve its cyber security.  All have been accepted”.

He added that “a key element” of SEPA’s recovery was to set a “high level of transparency” in its work.


The audits noted a “secondary and deliberate attempt to compromise SEPA systems” while the team endeavoured to recover and restore back-ups.

The attack on SEPA’s digital systems occurred on Christmas Eve (Picture: Shutterstock)

Police Scotland has also confirmed that SEPA “was not and is not a poorly protected organisation”.

The audits determined that the agency’s cyber maturity assessment as “high”, meaning that sophisticated defence and detection mechanisms were implemented and operating correctly prior to the attack.

Police Scotland also found that “SEPA has a strong culture of resilience, governance, incident, and emergency management”. It regularly tested its emergency response capability and had undertaken a cyber exercise.


The audits also recommended actions across the Scottish public sector, including 24-hour security operations, implementing a Cyber Incident Response (CIR) specialist company and regular reviews of an incident response plan.


Waste Crime Conference | 02 December | Pinsent Masons

The Waste Crime conference will explore types of waste crime, actions that have been taken to target the problem and future steps. Join us to discuss the key challenges facing the industry. This one day event is a must attend for anyone that works to prevent and enforce or is affected by waste crime including theft, illegal sites and fly tipping.


Leave a Reply

The Blog Box

Other Publications from
The Environment Media Group

Back to top