Cyber Criminals Publish Stolen Files

The Scottish Environment Protection Agency (SEPA), has confirmed that the cyber criminals which carried out a ransomware attack targeting its systems in December have now published 1.2 GB of information online after SEPA refused to pay the  ransom demand.

The data which includes confidential contracts, strategy documents and databases are among a total of 4,000 files dumped on the Dark Web, that invisible part of the internet often associated with criminality and only accessible through specialised software. 

The agency’s job is to protect the Scotland’s environment via national flood forecasting, flood warnings and the stolen data included critical  information related to environmental businesses, including publicly-available regulated site permits, authorisations and enforcement notices, as well as data related to SEPA corporate plans, priorities and change programs. Other compromised data was related to publicly available procurement awards and commercial work with SEPA’s international partners and some personal data of SEPA’s staff was also stolen by the hackers.

When the stolen data is dumped like this, it usually means the hackers has given up hope of being able to extract payment from the victim, or to cash in on it in other ways. 

SEPA chief executive Terry A'Hearn said: "We've been clear that we won't use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds... We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online". 

The attack locked SEPA's emails and contacts centre but the agency said hat priority regulatory, monitoring, flood forecasting and warning services were able to adjust and continued to operate. They also point out that theft of 1.2GB of data was the equivalent to a small fraction of the contents of an average laptop hard drive. Some of the information stolen was already publicly available but other files included data about staff and suppliers was not. Where information has been identified to date, staff have been informed. 

A spokesman of the cyber security company Emsisoft, which specialises in anti-malware commented on the SEPA  the ransomware attack suggesting that is showed common characteristics with a type of ransomware called Ryuk

Police Scotland are working closely with SEPA and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident. Enquiries remain at an early stage and continue to progress including deployment of specialist cyber crime resources to support their response.

SEPA:    Threatpost:       ITPro:       STV:        BBC:       Open Security:        TEISS

You Might Also Read: 

Beware The Latest  Malware:

 

« Ransomware Is A CISO's Nightmare
Maritime Cyber Security Needs Shipping Companies to Focus »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

JumpCloud

JumpCloud

JumpCloud's Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business’s employees and the systems and IT resources they need.

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

HTL Support

HTL Support

HTL Support, your trusted partner for comprehensive IT support in London. We specialize in delivering top-tier IT solutions tailored to both large enterprises and small businesses.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

Amplifier Security

Amplifier Security

Amplifier Security are on a mission to empower security teams to modernize their practice by connecting the dots between their security stack and their people.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

ThreatView by Turaco Labs

ThreatView by Turaco Labs

ThreatView combines extensive experience in digital forensics with advanced analytics and threat detection capabilities to protect eCommerce websites.