04 February 2021

The Scottish Environment Protection Agency (Sepa) said it was continuing to respond to an ongoing ransomware attack on Christmas Eve, probably by international serious and organised cyber-crime groups.

It also confirmed the theft of 1.2GB of data, which suggests around 4,000 files may have been accessed and stolen as part of a “complex and sophisticated” attack. However, Sepa reassured the public that priority regulatory, monitoring, flood forecasting and warning services are adapting and continuing to operate.

“Whilst having moved quickly to isolate our systems, cybersecurity specialists, working with Sepa, the Scottish government, Police Scotland and the National Cyber Security Centre, have now confirmed the significance of the ongoing incident,” said Terry A’Hearn, Sepa chief executive. “Partners have confirmed that Sepa remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber- crime groups intent on disrupting public services and extorting public funds.

Sepa added that recovery may take a sig- nificant amount of time, with some systems remaining badly affected for some time. Some security analysts said the hack was similar to that of ones conducted by Russian organised cyber criminals. However, neither Sepa nor Scottish police have commented on the matter.