Hackers release over 4,000 files stolen from Scottish environment agency in ransomware attack

Graham CLULEY

January 22, 2021

  • SEPA was hit by ransomware attack on Christmas Eve
  • Corporate plans and contracts published after organisation refused to give in to ransom demand

There’s more bad news for the Scottish Environment Protection Agency (SEPA) which was hit by a ransomware attack on Christmas Eve – a serious security breach that has continued to impact its internal systems and forced its email offline.

The Conti ransomware gang has now published 4,150 files stolen from SEPA on the dark web. Corporate plans, contracts, spreadsheets, and potentially personal information about staff, can be found amongst the haul of files now available for anybody to download with no payment required.

The malicious hackers have released the files that they stole from SEPA before unleashing their file-encrypting ransomware in frustration that the agency refused to pay any money to its extortionists.

Conti, like other notable ransomware gangs, has found that exfiltrating data from its victims and threatening to either sell it to other hackers or release it to the world increases the chance of a pay day. For that reason they, and some other ransomware gangs, run websites that publicise their latest hacks and make the stolen data available – at least for those “clients” who refuse to pay up.

Past victims of Conti have included the industrial IoT firm Advantech, which received a $14 million ransom demand from its attackers, as well as coffee machine maker De’Longi and customer information firm Ixsight Technologies.

The release of SEPA’s data is not that much of a surprise. The agency’s chief executive Terry A’Hearn has made clear in media interviews that it was not prepared to use public funds to pay money to its criminal extortionists.

That certainly isn’t the position of some ransomware victims, who have in the past been criticised by some for giving in to the demands of hackers in the hope of restoring their systems and to prevent the release of stolen data.

I don’t feel comfortable complaining too loudly about companies who decide to make the difficult decision to pay a ransom, as they may feel the only other alternative is to put their organisation, their parents, and workers’ positions in jeopardy. It’s the type of uncomfortable decision no chief executive ever wants to find themselves having to make – and it does, inevitably, encourage the criminal underworld to launch more ransomware attacks, feeding the underworld industry.

But I do admire Terry A’Hearn and his colleagues at SEPA for taking a stand, and for their clear communications with the outside world about what is going on, and the steps it is taking to harden its security.

“Sadly we’re not the first and won’t be the last national organisation targeted by likely international crime groups. We’ve said that whilst for the time being we’ve lost access to most of our systems, including things as basic as our email system, what we haven’t lost is our twelve-hundred expert staff,” said A’Hearn in a press statement. “Through their knowledge, skills and experience we’ve adapted and since day one continued to provide priority regulatory, monitoring, flood forecasting and warning services. Whilst some systems and services may be badly affected for some time, step-by-step we’re working to assess and consider how we recover. We’ll issue a broader update on service delivery and recovery early next week, with weekly updates to be clear on what those we work with can expect and how we’ll prioritise progress.”
