Cyber Criminals Publish Stolen Files

The Scottish Environment Protection Agency (SEPA) has confirmed that the cyber criminals who carried out a ransomware attack targeting its systems in December have now published 1.2 GB of information online after SEPA refused to pay the ransom demand.

The data, which includes confidential contracts, strategy documents and databases, is among a total of 4,000 files dumped on the Dark Web, the invisible part of the internet often associated with criminality and only accessible through specialised software.

The agency’s job is to protect Scotland’s environment, including through national flood forecasting and flood warnings. The stolen data included critical information related to environmental businesses, including publicly available regulated site permits, authorisations and enforcement notices, as well as data related to SEPA corporate plans, priorities and change programs. Other compromised data was related to publicly available procurement awards and commercial work with SEPA’s international partners. Some personal data of SEPA’s staff was also stolen by the hackers.

When stolen data is dumped like this, it usually means the hackers have given up hope of being able to extract payment from the victim, or to cash in on it in other ways.

SEPA chief executive Terry A'Hearn said: "We've been clear that we won't use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds... We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online". 

The attack locked SEPA's emails and contacts centre, but the agency said that priority regulatory, monitoring, flood forecasting and warning services were able to adjust and continued to operate. The agency also points out that the theft of 1.2 GB of data was equivalent to a small fraction of the contents of an average laptop hard drive. Some of the information stolen was already publicly available, but other files, which included data about staff and suppliers, were not. Where information has been identified to date, staff have been informed.

A spokesman for the cyber security company Emsisoft, which specialises in anti-malware, commented on the SEPA ransomware attack, suggesting that it showed common characteristics with a type of ransomware called Ryuk.

Police Scotland are working closely with SEPA and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident. Enquiries remain at an early stage and continue to progress, including deployment of specialist cyber crime resources to support their response.

Sources: SEPA, Threatpost, ITPro, STV, BBC, Open Security, TEISS
