Yesterday (14 January), the agency confirmed criminals were demanding a ransom to unlock its digital systems, and that 1.2GB of data had been stolen despite being “certified to UK Government security standards”.
SEPA said that while the amount of data stolen could be compared to a “small fraction of the contents of an average laptop hard drive” indications suggest that at least four thousand files have been accessed.
The data could have included business, procurement and project information, as well as personal information relating to staff.
Waste industry experts have described the attack as “very severe” with no email systems or records available. It is thought that simple systems such as email will remain badly affected for quite some time, and require new systems in place.
The environmental regulator said that the matter is now subject to a live criminal investigation.
On BBC radio Scotland yesterday, shown below, Terry A’Hearn, chief executive of SEPA said that the regulator will “not be using public funds to pay ransom to criminals” and ensured the public that it will do its job to protect the environment.
Stolen data
In a statement on the attack released yesterday, Mr A’Hearn explained that work continues by cyber security specialists to seek to identify what the stolen data was.
He said: “Whilst we don’t know and may never know the full detail of the 1.2 GB of information stolen, what we know is that early indications suggest that the theft of information related to a number of business areas. Some of the information stolen will have been publicly available, whilst some will not have been.
“Staff members affected to date have been notified, are being supported and are being given access to specialist advice and services. Support, including specialist advice from Police Scotland and mitigation services, is also being offered to staff across the organisation.”
Response
The “significant cyber attack” first occurred at one minute past midnight on 24 December, which has impacted its contact centre, internal systems, processes and internal communications.
The agency’s Emergency Management Team is working with Scottish Government, Police Scotland and the National Cyber Security Centre to respond, and has put business continuity plans into place.
The agency advised that it needed to “protect the criminal investigation and its systems”, meaning that some internal systems and external data products will remain offline in the short term. It added however, that priority regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.
MR A’Hearn explained: “Whilst having moved quickly to isolate our systems, cyber security specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre have now confirmed the significance of the ongoing incident.
“Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”
SEPA also released the below video outlining the steps it is taking.
Subscribe for free