SEPA has still lost access to its data and systems because of Ransomware attack

Public body had about 1.2GB of data stolen from its digital systems on Christmas Eve.

In late December, it was reported that the Scottish Environment Protection Agency (SEPA) had been hit by “significant cyber attack”.

At the time, it was reported that the agency, one of a number of organisations regulating finfish aquaculture, said that communication into and across was “significantly impacted.”

In a recent update from SEPA Chief Executive Terry A’Hearn, he said that the public body had still lost access to its data and systems.

Terry A’Hearn. PHOTO: University of Cambridge

In late January, the BBC reported that Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group.

More than 4,000 stolen SEPA files have been put on the dark web, which included contracts, strategy documents and databases.

“Making the documents open to all means that information can be extracted to potentially be used against SEPA in further attacks or extortion attempts. It will be months, perhaps even years until the organisation can say it is safe once more and can put this cyber attack behind it,” wrote the BBC at the time.

SEPA said that it will not engage with likely international serious and organised criminals intent on disrupting public services and extorting public funds, and the matter is subject to a live criminal investigation.

“Sadly cyber-crime is an increasing challenge for Scotland’s businesses and public sector partners and service recovery takes time. Whilst, for the time being, we’ve lost access to our data and systems, what we haven’t lost is the expertise of our 1,200 staff. Since Christmas Eve, teams across the agency have been working flat-out to restore our services as quickly as possible. We’ve made good progress in the first few weeks and we’re already seeing more come back online,” said A’Hearn.

“We’re issuing weekly updates on our recovery,” he added.

Newsletter