Hackers Steal and Publish Scottish Gov Agency Files

Attackers have reportedly published more than 4000 files stolen from the Scottish Environment Protection Agency (SEPA). The files include contacts and strategy documents.

The attack took place on Christmas Eve and successfully encrypted 1.2GB of information from SEPA. According to the agency, SEPA’s email went down because of the attack. SEPA, Scotland’s environmental regulator, stressed that it will not engage with the cybercriminals.

SEPA CEO Terry A’Hearn said in a statement, “We won’t use public finance to pay serious and organized criminals intent on disrupting public services and extorting public funds.”

The agency protects Scotland’s environment through national flood forecasting, flood warnings and more. In this attack, various information related to environmental businesses, publicly available regulated site permits, authorizations and enforcement notices, as well as data related to SEPA corporate plans, priorities and change programs, was stolen. Data related to publicly available procurement awards and commercial work with SEPA’s international partners was also stolen.

SEPA also said it still doesn’t know the full details of the stolen data. It is confirmed that some of the compromised data was already publicly available.

According to SEPA, “By working with cyber security experts, we have established a dedicated team to identify the details of business or partner information loss. We will directly contact affected organizations as quickly as possible.”

According to an update from the agency, it is clear that recovery may take a significant period because the attack took down SEPA’s email and other systems. The agency also said that a number of SEPA systems will remain badly affected for some time.

How the ransomware attack first started and how much the attackers are demanding as a ransom payment is still unclear. The attackers are now putting more pressure on the agency to pay up and are also publishing stolen data on underground forums.

According to reports, the hackers confirmed that around 1000 people have so far viewed the compromised documents on their website. Brett Callow, a threat analyst with Emsisoft, said, “The Conti ransomware gang has taken responsibility for the attack.”

Callow also said that over the last couple of years, attacks on governments have become increasingly common and that they will continue at the current level until some positive action is taken.

Ransomware actors are also looking to the government and public sector as a source of personal data. According to a report, around 22 Texas organizations and government agencies were hit by a ransomware attack in 2019, and all the attacks were carried out by a single threat actor.

In October 2020, the National Guard was called in to help stop a series of government-focused ransomware attacks in Louisiana. To reduce the risk of falling victim to ransomware attacks, we must evolve our protection.