Another Ransomware Attack On A Government Agency, Which Suffers Data Leak After Refusing To Pay Ransom
SEPA (the Scottish Environment Protection Agency), Scotland's government regulatory authority for protecting the environment, suffered a ransomware attack on the evening of last Christmas, in which the cybercriminal gang somehow stole around 1.2 GB of data that was in processing. The attackers responsible demanded a ransom in exchange for not leaking or publishing the stolen data.
As the agency refused to pay the ransom, the group behind the attack leaked thousands of files from the stolen data online. It has been almost a month since the attack took place, but the services provided by SEPA are still non-functional. Even though the government authority has remained inactive for almost a month, it has repeated that it will not engage with the attackers' aim to extort public funds and disrupt public services.
However, the authority still hasn't said exactly what type of ransomware it was hit by, but it is believed that a cybercrime group known as the Conti Ransomware Gang has taken responsibility for the attack. As a consequence of the authority refusing to pay the ransom, Conti leaked the stolen data on its website. The leaked data included more than 4000 documents and databases related to contracts, strategies, and commercial services. The theft and leaking of 4000 documents/files has been confirmed by the organization (SEPA).
The organization also says that it is making non-stop efforts to analyze the attack and take appropriate measures, and is working together with Police Scotland and the Scottish Government, plus the NCSC (National Cyber Security Centre). Despite the effects of the attack, it has managed to provide some basic services such as warning, regulation, flood forecasting, and monitoring. Ransomware attacks of this kind, which demand a ransom in exchange for not publishing confidential data online, have grown massively in recent times.
Every successful ransomware attack serves as leverage for the attackers, as they gain massive amounts of bitcoin as ransom (which cybercrime groups may use to perform further attacks). In a few cases, it has been observed that organizations and companies capable of recovering the held data without the decryption key still pay the ransom to ensure that their data isn't leaked or published openly. It is a sour truth that such ransom attacks are quite successful and will keep developing, as many such cybercrime groups are still collecting ransoms from a number of organizations. It is also a fact that such attacks are the most destructive attacks any organization can suffer.
Some of the points SEPA mentioned in a post with updates on the attack are:
- SEPA issues further update on cyber-attack, data theft, service delivery, and recovery.
- Ransomware attack remains ongoing as SEPA reiterates it will not engage with criminals intent on disrupting public services and extorting public funds.
- Data likely to be stolen by international serious and organised cyber-crime groups has been illegally published online.
- SEPA working to recover and analyse data then contact and support affected organisations and individuals over coming days and weeks as quickly as identifications confirmed.
- Dedicated data loss support website, Police Scotland guidance, enquiry form and support line available for regulated business and supply chain partners.
- Priority regulatory, monitoring, flood forecasting and warning services continuing to adapt and operate.
- Broader update on service delivery and recovery to be confirmed early next week.
- SEPA continuing to work with Scottish Government, Police Scotland, the National Cyber Security Centre and cyber-security specialists to respond to what remains complex and sophisticated criminality. Subject of a live criminal investigation.
- The latest information on the cyber-attack, limited data loss, and how to contact the agency is available at sepa.org.uk/cyberattack.