Hackers Release Data Stolen In Sepa Ransomware Attack

HSBC, security, hacking

Hackers have released confidential business and staff data stolen in a Christmas Eve ransomware attack on Sepa after the agency refused to pay

Cyber-criminals have released confidential documents stolen from the Scottish Environment Protection Agency (Sepa) in an attack on Christmas Eve, after the agency refused to pay a ransom.

The attack resulted in the theft of some 1.2GB of data in the form of about 4,000 files, including confidential business information and personal data on staff, Sepa said.

The Conti ransomware group has claimed responsibility for the attack.

Sepa chief executive Terry A’Hearn called the incident a “significant and sophisticated” cyber-attack and said the agency was working with partners to recover and analyse the released data.

data breach, ransomwareData breach

As this progresses A’Hearn said the agency would work with the affected organisations and individuals on limiting the damage caused by the documents’ release.

“We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds,” A’Hearn said.

While Sepa emphasised that the data stolen is a fraction of the size of a typical computer hard drive, the material includes potentially sensitive data such as regulated site permits, authorisations, enforcement notices, corporate planning and change programmes, as well as procurement and staff data.

Some of the information was already publicly available, but files relating to staff and suppliers was not.

Sepa said priority regulatory, monitoring, flood forecasting and warning services were “continuing to adapt and operate” in spite of the attack, which locked many of the agency’s systems.

The agency said it has contacted the staff affected by the breach and set up a dedicated data loss support website, while providing police guidance and support to business and supply chain partners.


Detective inspector Michael McCullagh of Police Scotland’s Cybercrime Investigations Unit said the investigation was ongoing.

“Police Scotland is working closely with Sepa and our partners at Scottish government and the wider UK law enforcement community to investigate and provide support in response to this incident,” he said.

“Enquiries remain at an early stage and continue to progress including deployment of specialist cyber crime resources to support this response.”

The Scottish Business Resilience Centre (SBRC) works with police and the Scottish government to operate a dedicated cyber-incident response helpline for Scottish organisations, available on 01786 437472.

However, organisations should initially contact police in the event of a cyber-incident.

Ransomware attacks principally involve encrypting an organisation’s systems and demanding a ransom to unlock them.

Evolving threat

However, such attacks have evolved in recent months to include data theft and threats to publicly release the organisation’s stolen files if the ransom is not paid.

Earlier this month, attackers published data stolen from the European Medicines Agency (EMA) in December relating to the Pfizer/BioNTech vaccine.

In that case, however, the EMA said the stolen documents appeared to have been modified prior to publication in order to diminish public confidence in the vaccine.

Nominet chief executive Russell Haworth said organisations should ensure they have the “breadth and depth of security” to fend off cyber-breaches.

He said organisations can build up cyber-resilience through coordinating threat intelligence and response between governments and industry.