Threat Actors Demand Ransom After Major Cyber Attack on Scottish Environmental Protection Agency


Scottish Environment Protection Agency (SEPA) said its digital systems have been severely affected by a ransomware attack since Christmas Eve. Threat actors have locked agency's emails and contact centers and are demanding a ransom to unlock them.

National Cyber Security Centre and Scotland Police are investigating the whole incident and it is believed that the international cybercriminal group is behind the ransomware attack. Cybersecurity experts have unearthed that threat actors have stolen nearly 1.2 GB of data which suggests threat actors may have accessed and stolen 4,000 files.

SEPA said they have to start from scratch and build a whole new system following a ‘significant cyber-attack’. Agency further stated that essential services regarding food forecasting and warnings have not been hit by cyber-attack. Though it remains highly unlikely that 1,300 employees will be able to secure access to their old emails and online documents.

Scotland’s environmental regulator has termed this attack as an “incredibly sophisticated attack” and warned threat actors to face the consequences. We are aware that threat actors are demanding a ransom to unlock the agency's system but they will not succeed in their plan.

SEPA’s Chief Executive Terry A’ Hearn stated that “whilst we don’t know and may never know the full detail of the 1.2 GB of information stolen, what we know is that early indications suggest that the theft of information related to several business areas, some of the information stolen will have been publicly available”. 

The Conti ransomware group asserted the attack and has already leaked sensitive information on its site. The stolen information includes personal information associated with SEPA employees and information associated with commercial work with international allies.