3 min read

Hackers release over 4,000 files stolen from Scottish environment agency in ransomware attack

Graham CLULEY

January 22, 2021

  • SEPA was hit by ransomware attack on Christmas Eve
  • Corporate plans and contracts published after organisation refused to give in to ransom demand

There’s more bad news for the Scottish Environment Protection Agency (SEPA) which was hit by a ransomware attack on Christmas Eve – a serious security breach that has continued to impact its internal systems and forced its email offline.

The Conti ransomware gang has now published 4,150 files stolen from SEPA on the dark web. Corporate plans, contracts, spreadsheets, and potentially personal information about staff, can be found amongst the haul of files now available for anybody to download with no payment required.

The malicious hackers have released the files that they stole from SEPA before unleashing their file-encrypting ransomware in frustration that the agency refused to pay any money to its extortionists.

Conti, like other notable ransomware gangs, has found that exfiltrating data from its victims and threatening to either sell it to other hackers or release it to the world increases the chance of a pay day. For that reason they, and some other ransomware gangs, run websites that publicise their latest hacks and make the stolen data available – at least for those “clients” who refuse to pay up.

Past victims of Conti have included the industrial IoT firm Advantech, which received a $14 million ransom demand from its attackers, as well as coffee machine maker De’Longhi and customer information firm Ixsight Technologies.

The release of SEPA’s data is not that much of a surprise. The agency’s chief executive Terry A’Hearn has made clear in media interviews that it was not prepared to use public funds to pay money to its criminal extortionists.

That certainly isn’t the position of some ransomware victims, who have in the past been criticised by some for giving in to the demands of hackers in the hope of restoring their systems and to prevent the release of stolen data.

I don’t feel comfortable complaining too loudly about companies who decide to make the difficult decision to pay a ransom, as they may feel the only other alternative is to put their organisation, their parents, and workers’ positions in jeopardy. It’s the type of uncomfortable decision no chief executive ever wants to find themselves having to make – and it does, inevitably, encourage the criminal underworld to launch more ransomware attacks, feeding the underworld industry.

But I do admire Terry A’Hearn and his colleagues at SEPA for taking a stand, and for their clear communications with the outside world about what is going on, and the steps it is taking to harden its security.

“Sadly we’re not the first and won’t be the last national organisation targeted by likely international crime groups. We’ve said that whilst for the time being we’ve lost access to most of our systems, including things as basic as our email system, what we haven’t lost is our twelve-hundred expert staff,” said A’Hearn in a press statement. “Through their knowledge, skills and experience we’ve adapted and since day one continued to provide priority regulatory, monitoring, flood forecasting and warning services. Whilst some systems and services may be badly affected for some time, step-by-step we’re working to assess and consider how we recover. We’ll issue a broader update on service delivery and recovery early next week, with weekly updates to be clear on what those we work with can expect and how we’ll prioritise progress.”
